Vulnerabilities
Report: CVE-2026-41129 - Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations - Analysis
CVE ID :CVE-2026-41129 Published : April 22, 2026, 12:16 a.m. | 33 minutes ago Description :Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema:
CVE Details
CVE ID
Published
April 22, 2026