Packagist (Composer) package
craftcms/craft
pkg:composer/craftcms/craft
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25492 | — | >= 5.0.0-RC1, < 5.8.22 | 5.8.22 | Feb 9, 2026 | Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname valid |
- CVE-2026-25492Feb 9, 2026affected >= 5.0.0-RC1, < 5.8.22fixed 5.8.22
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname valid