CVE-2026-31266

Published May 27th, 2026

View on NVD ↗

CVSS v3

7.3

HIGH

CVSS v2

N/A

Affected

2

PROJECTS

Description

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).

Build bespoke content experiences with Craft.

GitHub

3.58K

0xrixet/Craftcms-PoC-CVE-2026-31266

Security research on Craft CMS authentication mechanism

GitHub