A vulnerability described as critical has been identified in Craftql up to 1.3.7. This issue affects some unknown processing of the file vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php. Such manipulation leads to server-side request forgery.
This vulnerability is documented as CVE-2026-31317. The attack can be executed remotely. There is not any exploit available.
