Auth bypass in Craftcms Cms

CVE-2026-50279

Craft CMS is a content management system (CMS). IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry() performs entry-edit permission checks before request-controlled author changes are applied to the mode…

Affected products

Weakness classification (CWE)

References