CVE-2026-27128 | Craft CMS up to 4.16.18/5.8.22 getTokenRoute toctou (GHSA-6fx5-5cw5-4897)

Inserito da Angelo Barbosa | Feb 24, 2026 | CVE

A vulnerability, which was classified as problematic, was found in Craft CMS up to 4.16.18/5.8.22. The affected element is the function getTokenRoute. The manipulation results in time-of-check time-of-use.

This vulnerability is identified as CVE-2026-27128. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-27128 | Craft CMS up to 4.16.18/5.8.22 getTokenRoute toctou (GHSA-6fx5-5cw5-4897)

Post correlati

CVE-2023-52712 | Huawei CurieM-WFG9B 2.28 SMI AmdPspP2CmboxV2 access control

CVE-2023-47681 | QuadLayers WooCommerce Checkout Manager Plugin up to 7.3.0 on WordPress authorization

CVE-2025-26381 | Johnson Controls OpenBlue Mobile Web Application direct request (icsa-25-338-03)

CVE-2024-6445 | DataFlowX Technology DataDiodeX up to 3.4.x path traversal