CVE-2026-32270 | Craft CMS up to 4.10.2/5.5.4 actionPay email/shipping address/billing address information disclosure (GHSA-3vxg-x5f8-f5qf)

Inserito da Angelo Barbosa | Apr 13, 2026 | CVE

A vulnerability has been found in Craft CMS up to 4.10.2/5.5.4 and classified as problematic. Affected is the function actionPay. Performing a manipulation of the argument email/shipping address/billing address results in information disclosure.

This vulnerability was named CVE-2026-32270. The attack may be initiated remotely. There is no available exploit.

The affected component should be upgraded.

CVE-2026-32270 | Craft CMS up to 4.10.2/5.5.4 actionPay email/shipping address/billing address information disclosure (GHSA-3vxg-x5f8-f5qf)

Post correlati

CVE-2025-21837 | Linux Kernel up to 6.13.3/6.14-rc2 uring_cmd information disclosure

CVE-2025-22175 | Atlassian Jira Align up to 11.16.0 information disclosure

CVE-2024-47635 | TinyPNG Plugin up to 3.4.3 on WordPress cross-site request forgery

CVE-2025-15230 | Tenda M3 1.0.0.13(4903) setVlanPolicyData formSetVlanPolicy qvlan_truck_port heap-based overflow