CVE-2026-31266 | THREATINT

Description

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).

PUBLISHED Reserved 2026-03-09 | Published 2026-05-27 | Updated 2026-05-27 | Assigner mitre

References

github.com/0xrixet/Craftcms-PoC-CVE-2026-31266 exploit

github.com/craftcms/cms

github.com/0xrixet/cms-security-poc

cve.org (CVE-2026-31266)

nvd.nist.gov (CVE-2026-31266)

Download JSON

help @ threatint.eu