CVE-2026-31266

Published: Mag 27, 2026 Last Modified: Mag 27, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).

https://github.com/0xrixet/cms-security-poc
https://github.com/0xrixet/cms-security-poc
https://github.com/craftcms/cms
https://github.com/craftcms/cms