What is CVE-2026-34747?

CVE-2026-34747 is a high-severity vulnerability in Payloadcms Payload, classified under SQL Injection. CVSS score: 8.5/10. Published 2026-04-01.

How severe is CVE-2026-34747?

High severity. CVSS v3 base score is 8.5 out of 10.

SQL Injection in Payloadcms Payload

CVE-2026-34747

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or…

Vulnerability class: SQL Injection

EPSS: 0.000 (8.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N.

Affected products

Payloadcms Payload — versions < 3.79.1

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/payloadcms/payload/security/advisories/GHSA-7xxh-373w-35vg (x_refsource_CONFIRM)
https://github.com/payloadcms/payload/releases/tag/v3.79.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34747?: CVE-2026-34747 is a high-severity vulnerability in Payloadcms Payload, classified under SQL Injection. CVSS score: 8.5/10. Published 2026-04-01.
How severe is CVE-2026-34747?: High severity. CVSS v3 base score is 8.5 out of 10.