What is CVE-2026-56383?

CVE-2026-56383 is a medium-severity vulnerability in Craftcms Cms, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2026-06-21.

How severe is CVE-2026-56383?

Medium severity. CVSS v3 base score is 4.8 out of 10.

XSS in Craftcms Cms

CVE-2026-56383

Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row heading default values, allowing an attac…

Vulnerability class: XSS (Cross-Site Scripting)

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.

Affected products

Craftcms Cms — versions 4.5.0-beta.1, 4.16.19, 5.0.0-RC1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-56383?: CVE-2026-56383 is a medium-severity vulnerability in Craftcms Cms, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2026-06-21.
How severe is CVE-2026-56383?: Medium severity. CVSS v3 base score is 4.8 out of 10.