Vulnerability in Craftcms Cms

CVE-2026-50281

Craft CMS is a content management system (CMS). Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitr…

Vulnerability class: Mass Assignment

Affected products

Weakness classification (CWE)

References