markhuot/craftql

Releases42

Frequency1 month 5 days

Last Release almost 5 years ago

Stars318

A drop-in GraphQL server for Craft CMS

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-31317 ↗	Apr 17, 2026Friday, 17 April 2026, 14:16	7.5 HIGH	—
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file