getformwork/formwork Security Advisories for 2.0.0-beta.2 (3)
-
[HIGH] Formwork Improperly Managed Privileges in User creation
PKSA-s7gr-pq9f-f16r CVE-2026-27198 GHSA-34p4-7w83-35g2
Affected version: >=2.0.0,<=2.3.3
Reported by:
GitHub -
[MEDIUM] Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
PKSA-rmpr-1pwg-drvq CVE-2025-65956 GHSA-7j46-f57w-76pj
Affected version: <2.2.0
Reported by:
GitHub -
[HIGH] Formwork improperly validates input of User role preventing site and panel availability
PKSA-f12j-yzp4-332f GHSA-c85w-x26q-ch87
Affected version: >=2.0.0-beta.1,<2.0.0-beta.4
Reported by:
GitHub