CVE-2026-56394 | Craft CMS up to 4.17.6/5.9.12 SVG File path traversal (GHSA-c43v-4cr8-6mvp)

Inserito da Angelo Barbosa | Giu 21, 2026 | CVE

A vulnerability categorized as critical has been discovered in Craft CMS up to 4.17.6/5.9.12. Affected is an unknown function of the component SVG File Handler. Executing a manipulation can lead to path traversal.

This vulnerability is handled as CVE-2026-56394. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-56394 | Craft CMS up to 4.17.6/5.9.12 SVG File path traversal (GHSA-c43v-4cr8-6mvp)

Post correlati

CVE-2023-5756 | Supsystic Digital Publications Plugin up to 1.7.6 on WordPress AJAX Action cross-site request forgery

CVE-2025-68273 | SignalK Server up to 2.18.x information disclosure (GHSA-fpf5-w967-rr2m)

CVE-2024-8347 | SourceCodester Computer Laboratory Management System 1.0 Master.php delete_record id sql injection

CVE-2024-6138 | Secure Copy Content Protection and Content Locking Plugin Setting cross site scripting