RCE in Craftcms Cms
CVE-2026-55794
Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authen…
Vulnerability class: RCE (Remote Code Execution)
Affected products
- Craftcms Cms — versions >= 5.9.0, < 5.10.0
Weakness classification (CWE)