VYPR

Packagist (Composer) package

craftcms/craft

pkg:composer/craftcms/craft

Vulnerabilities (1)

  • CVE-2026-25492, Feb 9, 2026
    affected >= 5.0.0-RC1, < 5.8.22; fixed 5.8.22

    Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname valid