0xrixet/Craftcms-PoC-CVE-2026-31266

0xrixet/Craftcms-PoC-CVE-2026-31266

GitHubGitHub
GitHubgithub.com
Releases1
Frequency
Last Release
Security research on Craft CMS authentication mechanism
Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2026-31266
7.3 HIGH

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).