Security Advisories - PKSA-5xds-5mf3-ckxn - Packagist.org

PKSA-5xds-5mf3-ckxn Security Advisory

[CRITICAL] Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

PKSA-5xds-5mf3-ckxn CVE-2026-55791 GHSA-c55v-343g-5xff

Affected package: craftcms/cms

Affected version: >=4.0.0-RC1,<4.18|>=5.0.0-RC1,<5.10

Reported by:
GitHub