CVE-2026-27128 | Craft CMS up to 4.16.18/5.8.22 getTokenRoute toctou (GHSA-6fx5-5cw5-4897)

Inserito da Angelo Barbosa | Feb 24, 2026 | CVE

A vulnerability, which was classified as problematic, was found in Craft CMS up to 4.16.18/5.8.22. The affected element is the function getTokenRoute. The manipulation results in time-of-check time-of-use.

This vulnerability is identified as CVE-2026-27128. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-27128 | Craft CMS up to 4.16.18/5.8.22 getTokenRoute toctou (GHSA-6fx5-5cw5-4897)

Post correlati

CVE-2025-8509 | Portabilis i-Educar 2.9 educar_servidor_cad.php matricula cross site scripting

CVE-2024-6352 | Silabs SiSDK up to 2024.6.2 APS Layer buffer overflow

CVE-2024-11968 | code-projects Farmacia up to 1.0 pagamento.php notaFiscal sql injection

CVE-2025-14696 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3 UpdatePasswordBatch password recovery