Vulnerability in Craftcms Cms

CVE-2026-50280

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection() endpoint gates the destination section only by viewEntries:$section->uid rather than requiring sa…

Affected products

Weakness classification (CWE)

References