VYPR

Craftql Ssrf

by Stormmmg

Source repositories

CVEs (1)

  • CVE-2026-31317HigApr 17, 2026
    risk 0.49cvss 7.5epss 0.00

    Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

VYPR — Vulnerability Intelligence