CVE-2026-31266
Received
Received - Intake
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: MITRE
Description
Description
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| craftcms | craft_cms | to 5.9.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31266 is a Missing Authorization vulnerability found in Craft CMS version 5.9.5 and earlier. This vulnerability exists in the migrate endpoint located at /actions/app/migrate, where proper authorization checks are missing.
How can this vulnerability impact me? :
Because the migrate endpoint lacks proper authorization, an attacker could potentially perform migration actions without permission. This could lead to unauthorized changes or disruptions in the CMS environment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70