VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / craftcms/cms

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44012 high 8.0 22d ago Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure
CVE-2026-44011 high 8.0 22d ago Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior
CVE-2026-44010 high 8.0 22d ago Craft CMS's Missing Authorization in GraphQL Address Resolver Allows Cross-Scope PII Disclosure
CVE-2026-31859 medium 5.5 3mo ago CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization