CVE-2026-31317

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

markhuot/craftql
markhuot/craftql
A drop-in GraphQL server for Craft CMS
GitHubGitHub
318
stormmmg/craftql_ssrf
stormmmg/craftql_ssrf
This is a report on craftql_ssrf, including code analysis, PoC, and reproduction process.
GitHubGitHub
1