CVE-2026-32262 | Craft CMS up to 4.17.4/5.9.10 replaceFile targetFilename path traversal

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability labeled as critical has been found in Craft CMS up to 4.17.4/5.9.10. This affects the function replaceFile. Such manipulation of the argument targetFilename leads to path traversal.

This vulnerability is documented as CVE-2026-32262. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-32262 | Craft CMS up to 4.17.4/5.9.10 replaceFile targetFilename path traversal

Post correlati

CVE-2024-3677 | Ultimate 410 Gone Status Code Plugin up to 1.1.4 on WordPress cross site scripting

CVE-2024-34011 | Acronis Cyber Protect Cloud Agent prior 37758 Folder default permission

CVE-2024-8460 | D-Link DNS-320 2.02b01 Web Management Interface /cgi-bin/widget_api.cgi getHD/getSer/getSys information disclosure (SAP10383)

CVE-2026-22881 | Cybozu Garoon up to 6.0.3 Message cross site scripting