High severity7.5NVD Advisory· Published Apr 17, 2026· Updated Apr 20, 2026
CVE-2026-31317
CVE-2026-31317
Description
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
markhuot/craftqlPackagist | <= 1.3.7 | — |
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.