Medium severityNVD Advisory· Published Feb 27, 2026· Updated Apr 15, 2026
CVE-2026-3327
CVE-2026-3327
Description
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews < v1.0.31.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.0.31
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.