Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
Description
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to the actual request. This is a bypass of the security fix for CVE-2025-68437 that allows access to all blocked IPs, not just IPv6 endpoints. Exploitation requires GraphQL schema permissions for editing assets in the ` volume and creating assets in the ` volume. These permissions may be granted to authenticated users with appropriate GraphQL schema access and/or Public Schema (if misconfigured with write permissions). Versions 4.16.19 and 5.8.23 patch the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Craft CMS GraphQL asset mutation bypasses SSRF protection via DNS rebinding, enabling access to cloud metadata endpoints.
Vulnerability
Overview
CVE-2026-27127 is a Time-of-Check-Time-of-Use (TOCTOU) vulnerability in Craft CMS’s GraphQL Asset mutation, affecting versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 [2][4]. The SSRF validation performs two independent DNS lookups: a validation lookup via gethostbyname() to check if the resolved IP is a blocked metadata endpoint, followed by a second resolution by the HTTP client (Guzzle) when making the actual request [4]. This window between checks allows a DNS rebinding attack, where an attacker-controlled DNS server returns a safe IP during validation and then switches to a malicious IP (e.g., cloud metadata service IPs such as 169.254.169.254) during the request [1][2]. This bypasses the previous fix for CVE-2025-68437, which only addressed a subset of blocked IPs [2][4].
Attack
Vector and Prerequisites
Exploitation requires that the attacker has specific GraphQL schema permissions: Edit assets in the volume and Create assets in the volume [2][4]. These permissions may be granted to authenticated users with appropriate GraphQL schema access, or through a Public Schema if it is misconfigured with write permissions [2][4]. An attacker who meets these prerequisites can craft a malicious GraphQL mutation that targets a domain they control, configured to perform DNS rebinding. The attack is a classic TOCTOU race condition, where the validation phase and the request phase observe different DNS resolutions [1][2].
Impact
Successful exploitation allows an attacker to bypass SSRF protections and send HTTP requests to internal services, specifically cloud metadata endpoints such as those of AWS, GCP, Azure, Alibaba Cloud, and Oracle Cloud [4]. Access to cloud metadata can leak sensitive credentials, instance tokens, and configuration data, potentially leading to full cloud account compromise. Unlike the earlier bypass (CVE-2025-68437), which was limited to IPv6 endpoints, this one reaches every address on the block list [2][4].
Mitigation
Craft CMS has released patched versions 4.16.19 and 5.8.23 [2][4]. As the patch below shows, the fix drops the separate gethostbyname() pre-check and instead validates the address the HTTP transfer actually connected to: Guzzle's primary_ip transfer statistic is passed to a new validateIp() method, and the download is rejected when that address is on the block list. Users are strongly advised to upgrade immediately. There is no official workaround; however, administrators should ensure that the GraphQL Public Schema is not granted write permissions unless absolutely necessary [2]. The vulnerability is not currently listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog as of this writing.
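The two-lookup race described in the Overview and the peer-address check the patch introduces, modelled here as an added Python example that is not Craft's code: a vulnerable resolve-then-fetch, a fix that pins the validated address (the CURLOPT_RESOLVE approach cited in the references), and a fix that checks the address actually used, all run against a constructed resolver that answers differently on each lookup. FakeHttpClient, flip_flop_resolver, the host names and the extra link-local/private-range policy are assumptions of this example.

```python
import ipaddress
from itertools import cycle

# Block list taken from validateIp() in the patch on this page; link-local and
# private ranges are rejected too (an assumed, broader policy than Craft's exact match).
BLOCKED_IPS = {"169.254.169.254", "169.254.170.2", "100.100.100.200", "192.0.0.192"}

def ip_is_allowed(ip):
    if not ip:  # unknown peer address (e.g. a missing primary_ip): fail closed
        return False
    addr = ipaddress.ip_address(ip)
    return ip not in BLOCKED_IPS and not addr.is_link_local and not addr.is_private

class FakeHttpClient:
    # Constructed stand-in for Guzzle/curl: every fetch() resolves the host
    # again unless an address is pinned (what CURLOPT_RESOLVE does).
    def __init__(self, resolver):
        self.resolver = resolver

    def fetch(self, host, pinned_ip=None):
        peer = pinned_ip or self.resolver(host)
        return {"peer_ip": peer, "body": "<constructed response from %s>" % peer}

# Each strategy returns the response dict, or None when the fetch is refused.
def fetch_toctou(client, host):
    # Vulnerable pre-patch pattern: validate one lookup, then let the client
    # perform its own second lookup for the real connection.
    if not ip_is_allowed(client.resolver(host)):
        return None
    return client.fetch(host)

def fetch_pinned(client, host):
    # Hardened: resolve once, validate, connect to exactly that address.
    ip = client.resolver(host)
    return client.fetch(host, pinned_ip=ip) if ip_is_allowed(ip) else None

def fetch_check_peer(client, host):
    # Hardened, Craft-patch style: validate the address the transfer actually
    # used. The request has already gone out; only its result is discarded.
    resp = client.fetch(host)
    return resp if ip_is_allowed(resp["peer_ip"]) else None

def flip_flop_resolver(answers):
    # Constructed test double for a name server whose answers change between
    # lookups: returns the given answers in order, one per lookup, cycling.
    answers = cycle(answers)
    return lambda host: next(answers)
```

With answers alternating between a public address and 169.254.169.254, fetch_toctou ends up connected to the metadata address while fetch_pinned stays on the validated one and fetch_check_peer discards the response.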
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| craftcms/cms | Packagist | >= 5.0.0-RC1, < 5.8.23 | 5.8.23 |
| craftcms/cms | Packagist | >= 3.5.0, < 4.16.19 | 4.16.19 |
Affected products
Patches (2)
a4cf3fb63bba: Fixed GHSA-gp2f-7wcm-5fhx
2 files changed · +18 −8
CHANGELOG.md+1 −0 modified@@ -3,6 +3,7 @@ ## Unreleased - Fixed XSS vulnerabilities. (GHSA-6j87-m5qx-9fqp, GHSA-3jh3-prx3-w6wc) +- Fixed an SSRF vulnerability. (GHSA-gp2f-7wcm-5fhx) ## 4.16.18 - 2026-01-09
src/gql/resolvers/mutations/Asset.php+17 −8 modified@@ -25,6 +25,7 @@ use GraphQL\Type\Definition\ResolveInfo; use GuzzleHttp\Client; use GuzzleHttp\RequestOptions; +use GuzzleHttp\TransferStats; use Illuminate\Support\Collection; use Throwable; use yii\base\Exception; @@ -268,6 +269,11 @@ protected function handleUpload(AssetElement $asset, array $fileInformation): bo $this->createGuzzleClient()->request('GET', $url, [ RequestOptions::ALLOW_REDIRECTS => false, RequestOptions::SINK => $tempPath, + RequestOptions::ON_STATS => function(TransferStats $stats) use ($url) { + if (!$this->validateIp($stats->getHandlerStat('primary_ip'))) { + throw new UserError("$url resolves to an invalid IP address."); + } + }, ]); } @@ -310,7 +316,7 @@ private function validateHostname(string $url): bool return false; } - // Check against well-known cloud metadata domains/IPs + // Check against well-known cloud metadata domains // h/t https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb if (in_array($hostname, [ 'kubernetes.default', @@ -323,15 +329,18 @@ private function validateHostname(string $url): bool return false; } - // make sure the hostname doesn’t resolve to a known cloud metadata IP - $ip = gethostbyname($hostname); + return true; + } + private function validateIp(string $ip): bool + { + // make sure the hostname doesn’t resolve to a known cloud metadata IP + // h/t https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb if (in_array($ip, [ - '169.254.169.254', - '169.254.170.2', - '169.254.169.254', - '100.100.100.200', - '192.0.0.192', + '169.254.169.254', // AWS, GCP, DO, Azure, Oracle, OpenStack/RackSpace + '169.254.170.2', // ECS + '100.100.100.200', // Alibaba + '192.0.0.192', // Oracle ])) { return false; }
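Review bot: in the handleUpload() hunk, the ON_STATS callback only fires once Guzzle has finished the transfer, so by the time validateIp($stats->getHandlerStat('primary_ip')) runs the GET has already been sent and its body written to $tempPath; the UserError keeps the fetched content from becoming an asset but does not prevent the request itself, and nothing in the hunk removes the partially written temp file. Pinning the connection to an address validated before the request (libcurl's CURLOPT_RESOLVE, which this advisory's references cite) would close that gap. Separately, getHandlerStat() returns null when the handler did not record primary_ip, and validateIp(string $ip) would then throw a TypeError rather than reject; fail closed instead, e.g. `$ip = $stats->getHandlerStat('primary_ip'); if ($ip === null || !$this->validateIp($ip)) { throw new UserError("$url resolves to an invalid IP address."); }`.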
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-gp2f-7wcm-5fhx (GHSA; advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-27127 (GHSA; advisory)
- curl.se/libcurl/c/CURLOPT_RESOLVE.html (GHSA; web)
- github.com/craftcms/cms/commit/a4cf3fb63bba3249cf1e2882b18a2d29e77a8575 (GHSA, x_refsource_MISC; web)
- github.com/craftcms/cms/security/advisories/GHSA-gp2f-7wcm-5fhx (GHSA, x_refsource_CONFIRM; web)
- github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc (GHSA, x_refsource_MISC; web)
- unit42.paloaltonetworks.com/dns-rebinding (GHSA; web)