Known Vulnerabilities for Craft Cms by Craftcms
Listed below are 10 of the newest known vulnerabilities associated with "Craft Cms" by "Craftcms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-56394 json | Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extensi... | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56393 json | Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scrip... | Not Provided | 2026-06-21 | 2026-06-22 |
| CVE-2026-56385 json | Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1, <= 4.17.7 contain an authorization bypass in the assets/preview-... | Not Provided | 2026-06-21 | 2026-06-22 |
| CVE-2026-56384 json | Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without p... | Not Provided | 2026-06-21 | 2026-06-21 |
| CVE-2026-56383 json | Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row ... | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56382 json | Craft CMS (composer package craftcms/cms) versions >= 5.5.0 and <= 5.9.13 contain a remote code execution vulnerability in th... | Not Provided | 2026-06-21 | 2026-06-22 |
| CVE-2026-56381 json | Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user... | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56379 json | ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-56345 json | AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint... | Not Provided | 2026-06-20 | 2026-06-23 |
| CVE-2026-56332 json | Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirec... | Not Provided | 2026-06-20 | 2026-06-22 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Craftcms | Craft Cms | 3.4.9 | |||
| Application | Craftcms | Craft Cms | 3.4.8 | |||
| Application | Craftcms | Craft Cms | 3.4.7.1 | |||
| Application | Craftcms | Craft Cms | 3.4.7 | |||
| Application | Craftcms | Craft Cms | 3.4.6.1 | |||
| Application | Craftcms | Craft Cms | 3.4.6 | |||
| Application | Craftcms | Craft Cms | 3.4.5 | |||
| Application | Craftcms | Craft Cms | 3.4.4.1 | |||
| Application | Craftcms | Craft Cms | 3.4.4 | |||
| Application | Craftcms | Craft Cms | 3.4.3 | |||
| Application | Craftcms | Craft Cms | 3.4.25 | |||
| Application | Craftcms | Craft Cms | 3.4.24 | |||
| Application | Craftcms | Craft Cms | 3.4.23 | |||
| Application | Craftcms | Craft Cms | 3.4.22.1 | |||
| Application | Craftcms | Craft Cms | 3.4.22 | |||
| Application | Craftcms | Craft Cms | 3.4.21 | |||
| Application | Craftcms | Craft Cms | 3.4.20 | |||
| Application | Craftcms | Craft Cms | 3.4.2 | |||
| Application | Craftcms | Craft Cms | 3.4.19.1 | |||
| Application | Craftcms | Craft Cms | 3.4.19 |