contao/core-bundle Security Advisories for 5.7.3 (3)
-
Server-side request forgery (SSRF) via unvalidated RSS feed URLs
PKSA-yx24-z15d-x2k7 CVE-2026-57232
Affected version: >=5.3.35,<5.3.48|>=5.4.0,<5.7.9
Reported by:
FriendsOfPHP/security-advisories -
Path traversal in the jobs module
PKSA-4ps2-832y-6pns CVE-2026-55825
Affected version: >=5.7.0,<5.7.7
Reported by:
FriendsOfPHP/security-advisories -
Credentials disclosure in the crawler
PKSA-f8tt-pn3h-s2tw CVE-2026-55824
Affected version: >=4.13.0,<5.3.47|>=5.4.0,<5.7.7
Reported by:
FriendsOfPHP/security-advisories