Apostrophecms Apostrophe
7 CVEs affecting Apostrophecms Apostrophe. Latest disclosed: 2026-04-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-35569 | High | 8.7 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related… |
| CVE-2026-32730 | High | 8.1 | 2026-03-18 | ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/in… |
| CVE-2026-40186 | Medium | 6.1 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-… |
| CVE-2026-33889 | Medium | 5.4 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostr… |
| CVE-2026-39857 | Medium | 5.3 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and c… |
| CVE-2026-33888 | Medium | 5.3 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery… |
| CVE-2026-33877 | Low | 3.7 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset… |