oM noM Security Feeds cve
vulnerability context

CVE-2026-55794

EPSS 21%CWE-94OTX 3 pulses

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries. Strings for a signed redirect URL are being compiled as a Twig template via renderObjectTemplate(), and while a sandboxed alternative already exists (renderSandboxedObjectTemplate()), it is not used in this case. This signed URL can be specified by users, as it is reflected in the “Referer” HTT...

Published 2026-07-02 · last modified 2026-07-02

details

CISA KEV status
Not in catalog
EPSS
21% percentile (score 0.0029)
CWE
CWE-94
OTX pulses
3 total, 0 recent

source mentions 2

source consensus

  • GitHub Advisories
  • Bluesky
Want the 3-bullet summary of CVE-2026-55794, plus webhook alerts when KEV is updated? Pro is $10/mo.