CVE-2026-28695 | Craft CMS Twig SSTI create path traversal

Inserito da Angelo Barbosa | Mar 4, 2026 | CVE

A vulnerability, which was classified as critical, has been found in Craft CMS. The impacted element is the function create of the component Twig SSTI. This manipulation causes path traversal.

This vulnerability is registered as CVE-2026-28695. Remote exploitation of the attack is possible. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-28695 | Craft CMS Twig SSTI create path traversal

Post correlati

CVE-2024-55971 | Logitime WebClock Application up to 5.43.0 sql injection

CVE-2024-32384 | Kerlink KerOS up to 5.9 Web Interface channel accessible

CVE-2014-125128 | sanitize-html up to 1.0.2 Anchor Tag naughtyHref cross site scripting

CVE-2024-57423 | CloudClassroom-PHP Project 1.0 assessment exid cross site scripting