CVE-2026-25492

Exploit

EPSS 0.01%
Veröffentlicht 09.02.2026 19:33:24
Zuletzt bearbeitet 19.02.2026 19:12:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a non-image file extension such as .txt is allowed, downstream image validation is bypassed, which can allow an authenticated attacker with permission to use save_images_Asset to retrieve sensitive data such as AWS instance metadata credentials from the underlying host. This issue is patched in versions 4.16.18 and 5.8.22.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Craftcms ≫ Craft Cms Version >= 3.5.0 < 4.16.18

Craftcms ≫ Craft Cms Version >= 5.0.0 < 5.8.22

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/craftcms/cms/releases/tag/5.8.22

Product

Release Notes

https://github.com/craftcms/cms/security/advisories/GHSA-96pq-hxpw-rgh8

Patch

Vendor Advisory

Exploit

https://github.com/craftcms/cms/commit/e838a221df2ab15cd54248f22fc8355d47df29ff

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-25492

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-25492

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-25492

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-25492