CVE-2026-32272 | Craft CMS up to 5.5.4/5.6.0 Craft::configure sql injection

Inserito da Angelo Barbosa | Apr 13, 2026 | CVE

A vulnerability was found in Craft CMS up to 5.5.4/5.6.0. It has been rated as critical. This vulnerability affects the function Craft::configure. This manipulation causes sql injection.

This vulnerability is tracked as CVE-2026-32272. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-32272 | Craft CMS up to 5.5.4/5.6.0 Craft::configure sql injection

Post correlati

CVE-2023-5685 | xnio NotifierState stack-based overflow

CVE-2024-35200 | F5 NGINX Plus/NGINX Open Source HTTP3 QUIC denial of service (K000139612)

CVE-2025-5184 | Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 HTTP Response Header information disclosure

CVE-2023-42866 | Apple macOS WebKit Privilege Escalation