Payloadcms Payload

10 CVEs affecting Payloadcms Payload. Latest disclosed: 2026-04-01. Critical: 2, High: 4.

Top CVEs affecting Payloadcms Payload
CVE	Severity	Score	Published	Summary
`CVE-2026-25544`	Critical	`9.8`	2026-02-06	Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded…
`CVE-2026-34751`	Critical	`9.1`	2026-04-01	Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the passwo…
`CVE-2026-34748`	High	`8.7`	2026-04-01	Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerab…
`CVE-2026-34747`	High	`8.5`	2026-04-01	Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker…
`CVE-2026-34746`	High	`7.7`	2026-04-01	Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerabilit…
`CVE-2023-30843`	High	`7.4`	2023-04-26	Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields…
`CVE-2026-34750`	Medium	`6.5`	2026-04-01	Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcm…
`CVE-2026-27567`	Medium	`6.5`	2026-02-24	Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's e…
`CVE-2026-34749`	Medium	`5.4`	2026-04-01	Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the…
`CVE-2026-25574`	Medium	`5.4`	2026-02-06	Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference (IDOR) vulnerability…