CVE-2026-32264 | Craft CMS up to 4.17.4/5.9.10 externally-controlled input to select classes or code

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Craft CMS up to 4.17.4/5.9.10. The affected element is an unknown function. The manipulation results in use of externally-controlled input to select classes or code.

This vulnerability is cataloged as CVE-2026-32264. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-32264 | Craft CMS up to 4.17.4/5.9.10 externally-controlled input to select classes or code

Post correlati

CVE-2024-6907 | SourceCodester Record Management System 1.0 sort.php sort cross site scripting

CVE-2025-54783 | SuiteCRM up to 7.14.6 HTTP Header Referer cross site scripting (GHSA-vqrj-gp9m-8c6r)

CVE-2023-41178 | Trend Micro Mobile Security for Enterprise vpplist_assign_list cross site scripting

CVE-2025-48287 | Pagaleve Pix 4x sem juros Plugin up to 1.6.9 on WordPress deserialization