RCE in Craft CMS

CVE-2026-55794

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referer header, potentially leading to authen…

Vulnerability class: RCE (Remote Code Execution)

Affected products

Weakness classification (CWE)

References