stormmmg/craftql_ssrf

Releases0

Stars1

This is a report on craftql_ssrf, including code analysis, PoC, and reproduction process.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-31317 ↗	Apr 17, 2026Friday, 17 April 2026, 14:16	7.5 HIGH	—
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file