Vulnerability in Craftcms Cms

CVE-2026-44011

Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execu…

EPSS: 0.000 (6.4th percentile) — read the EPSS interpretation.

Affected products

Craftcms Cms — versions >= 4.0.0, < 4.17.12, >= 5.0.0, < 5.9.18

Weakness classification (CWE)

CWE-479

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)