VYPR

npm package

@delmaredigital/payload-puck

pkg:npm/%40delmaredigital/payload-puck

Vulnerabilities (1)

  • CVE-2026-39397CriApr 7, 2026
    affected < 0.6.23fixed 0.6.23

    @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/* CRUD endpoint handlers registered by createPuckPlugin() called Payload's local API with the default overrideAccess: true, bypassing all collection-level