craftcms/cms Security Advisories for 4.17.15 (2)
-
[MEDIUM] Craft CMS: Sensitive File Disclosure / Server-Side File Read
PKSA-rvh7-y4k6-cn59 CVE-2026-55792 GHSA-287w-mxq6-x2cp
Affected version: >=5.0.0-RC1,<5.10.0|>=4.0.0-RC1,<4.18.0
Reported by:
GitHub -
[CRITICAL] Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs
PKSA-5xds-5mf3-ckxn CVE-2026-55791 GHSA-c55v-343g-5xff
Affected version: >=4.0.0-RC1,<4.18|>=5.0.0-RC1,<5.10
Reported by:
GitHub