Security Advisories - PKSA-1qxd-z2sm-yssc - Packagist.org

PKSA-1qxd-z2sm-yssc Security Advisory

[HIGH] Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController

PKSA-1qxd-z2sm-yssc CVE-2026-32264 GHSA-4484-8v2f-5748

Affected package: craftcms/cms

Affected version: >=5.0.0-RC1,<=5.9.10|>=4.0.0-RC1,<=4.17.4

Reported by:
GitHub