craftcms/cms Security Advisories for 4.16.18 (6)
-
[LOW] Craft CMS has Stored XSS in Table Field in its "Row Heading" Column Type
PKSA-cf9h-wtzj-5nwd GHSA-6j87-m5qx-9fqp
Affected versions: >=5.0.0-RC1,<=5.8.22|>=4.5.0-beta.1,<=4.16.18
Reported by: GitHub
-
[MEDIUM] Craft CMS: Cloud Metadata SSRF Protection Bypass via IPv6 Resolution
PKSA-qgft-95tr-t5vt CVE-2026-27129 GHSA-v2gc-rm6g-wrw9
Affected versions: >=3.5.0,<=4.16.18|>=5.0.0-RC1,<=5.8.22
Reported by: GitHub
-
[MEDIUM] Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit
PKSA-k33k-b5qw-yqgp CVE-2026-27128 GHSA-6fx5-5cw5-4897
Affected versions: >=5.0.0-RC1,<=5.8.22|>=4.5.0-RC1,<=4.16.18
Reported by: GitHub
-
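The token-service race above is a check-then-act problem: two requests arriving together can both observe a use count below the limit before either one records its use. The following is an added, generic illustration (not Craft's token service; the sqlite schema, the token value `tok-demo` and the simulation helpers are constructed for the demo) that puts the racy two-statement pattern beside the atomic conditional-update fix. The race is simulated deterministically by running every request's check before any increment, which is exactly the interleaving a real scheduler is free to produce.

```python
"""Token use-limit enforcement: check-then-act race vs. atomic conditional
update. Added illustration with a constructed sqlite schema; not Craft CMS code."""
import sqlite3


def make_db(use_limit=1) -> sqlite3.Connection:
    """Constructed schema: one token whose uses are bounded by use_limit
    (NULL means unlimited)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tokens ("
        "  id INTEGER PRIMARY KEY,"
        "  token TEXT UNIQUE NOT NULL,"
        "  use_limit INTEGER,"
        "  use_count INTEGER NOT NULL DEFAULT 0)")
    conn.execute("INSERT INTO tokens (token, use_limit) VALUES ('tok-demo', ?)",
                 (use_limit,))
    conn.commit()
    return conn


# --- racy: SELECT, decide in application code, then UPDATE -------------------
def racy_check(conn, token: str) -> bool:
    """Reads the count; the decision is stale the moment it is made."""
    row = conn.execute(
        "SELECT use_count, use_limit FROM tokens WHERE token = ?", (token,)).fetchone()
    return row is not None and (row[1] is None or row[0] < row[1])


def racy_commit(conn, token: str) -> None:
    conn.execute("UPDATE tokens SET use_count = use_count + 1 WHERE token = ?", (token,))
    conn.commit()


def simulate_racy(conn, token: str, concurrent_requests: int) -> int:
    """Worst-case interleaving: every request passes the check on the same
    stale count before any of them records a use. Returns how many were admitted."""
    admitted = [racy_check(conn, token) for _ in range(concurrent_requests)]
    for ok in admitted:
        if ok:
            racy_commit(conn, token)
    return sum(admitted)


# --- fixed: the comparison and the increment are one atomic statement --------
def consume_atomic(conn, token: str) -> bool:
    """Admit the request only if the row-level compare-and-increment applied.
    The database serialises concurrent UPDATEs on the row, so at most
    use_limit of them can ever match the WHERE clause."""
    cur = conn.execute(
        "UPDATE tokens SET use_count = use_count + 1 "
        "WHERE token = ? AND (use_limit IS NULL OR use_count < use_limit)",
        (token,))
    conn.commit()
    return cur.rowcount == 1


def simulate_atomic(conn, token: str, concurrent_requests: int) -> int:
    return sum(consume_atomic(conn, token) for _ in range(concurrent_requests))


def uses_recorded(conn, token: str) -> int:
    return conn.execute(
        "SELECT use_count FROM tokens WHERE token = ?", (token,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db(use_limit=1)
    print("racy   admitted:", simulate_racy(db, "tok-demo", 3))    # 3, limit was 1
    db = make_db(use_limit=1)
    print("atomic admitted:", simulate_atomic(db, "tok-demo", 3))  # 1
```

The ordering matters as much as the SQL: the request is served only after the conditional increment reports one affected row. On an RDBMS without a usable conditional UPDATE, the equivalent is a `SELECT ... FOR UPDATE` and the increment inside one transaction.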
[HIGH] Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding
PKSA-ycmx-j7s8-wyxz CVE-2026-27127 GHSA-gp2f-7wcm-5fhx
Affected versions: >=3.5.0,<=4.16.18|>=5.0.0-RC1,<=5.8.22
Reported by: GitHub
-
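The two cloud-metadata SSRF entries above name two ways a destination check is bypassed: an IPv6 form of the metadata address that a blocklist written for IPv4 literals does not recognise, and DNS rebinding, where the hostname resolves to a harmless address for the check and to the metadata address for the connection. The following is an added, generic illustration of the defensive pattern, not Craft's code and not derived from the advisories' details: vet every resolved address in every address family (unwrapping IPv4 addresses embedded in IPv6 transition forms), and pin the connection to the vetted address so that a second lookup never happens. The hostnames, the `93.184.216.34` answer and the `RebindingResolver` class are constructed for the demo; `fd00:ec2::254` is the AWS IMDS IPv6 endpoint and `64:ff9b::/96` the RFC 6052 NAT64 prefix.

```python
"""Generic SSRF guard for outbound fetches: vet every resolved address in
every address family, then pin the connection to the vetted address.
Added illustration; not Craft CMS code."""
import ipaddress
import socket
from typing import Callable, List, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], List[str]]

NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")   # RFC 6052 well-known prefix
AWS_IMDS_V6 = ipaddress.ip_address("fd00:ec2::254")   # AWS IMDS IPv6 endpoint


def unwrap_ipv6(addr: IPAddress) -> IPAddress:
    """Return the IPv4 address embedded in an IPv6 transition address, if any.

    A blocklist that only inspects the literal misses ::ffff:169.254.169.254,
    64:ff9b::a9fe:a9fe (NAT64), 2002:a9fe:a9fe:: (6to4) and Teredo encodings,
    all of which reach the IPv4 metadata service."""
    if isinstance(addr, ipaddress.IPv6Address):
        if addr.ipv4_mapped is not None:
            return addr.ipv4_mapped
        if addr.sixtofour is not None:
            return addr.sixtofour
        if addr.teredo is not None:
            return addr.teredo[1]           # (server, client); client is the peer
        if addr in NAT64_PREFIX:
            return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return addr


def is_forbidden_address(text: str) -> bool:
    """True if connecting to this address could reach metadata or internal hosts."""
    try:
        addr = unwrap_ipv6(ipaddress.ip_address(text.strip("[]")))
    except ValueError:
        return True                         # unparseable: refuse rather than guess
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or addr == AWS_IMDS_V6)         # already ULA, listed for clarity


def system_resolver(host: str) -> List[str]:
    """Real DNS lookup: every A and AAAA answer. Not used by the offline demo."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def resolve_pinned(host: str, resolver: Resolver = system_resolver) -> str:
    """Resolve exactly once, vet every answer, return the address to connect to.

    The caller connects to this literal address and sends `host` in the Host
    header / SNI, so no second lookup (and no rebound answer) is consulted."""
    answers = resolver(host)
    if not answers:
        raise ValueError(f"{host}: no addresses")
    bad = [a for a in answers if is_forbidden_address(a)]
    if bad:                                 # reject if *any* answer is internal
        raise ValueError(f"{host}: resolves to forbidden address(es) {bad}")
    return answers[0]


class RebindingResolver:
    """Constructed attacker DNS for the demo: a public answer on the first
    lookup, the metadata address on every later one (short-TTL rebinding)."""
    def __init__(self) -> None:
        self.lookups = 0

    def __call__(self, host: str) -> List[str]:
        self.lookups += 1
        return ["93.184.216.34"] if self.lookups == 1 else ["169.254.169.254"]


def naive_target(host: str, resolver: Resolver) -> str:
    """Check-then-connect with two separate lookups: the pattern rebinding defeats."""
    if any(is_forbidden_address(a) for a in resolver(host)):
        raise ValueError(f"{host}: forbidden")
    return resolver(host)[0]                # second lookup returns the rebound answer


def pinned_target(host: str, resolver: Resolver) -> str:
    """Single vetted lookup; the returned address is what the socket connects to."""
    return resolve_pinned(host, resolver)


if __name__ == "__main__":
    print("naive  ->", naive_target("attacker.example", RebindingResolver()))   # 169.254.169.254
    print("pinned ->", pinned_target("attacker.example", RebindingResolver()))  # 93.184.216.34
```

In a real HTTP client the pin is enforced by opening the socket to the literal address returned by `resolve_pinned` rather than to the hostname, and every redirect target must go through the same vetting, since a 3xx to a metadata address is just another hop. An IP literal in the URL (including a bracketed IPv6 one) passes through `is_forbidden_address` as well.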
[MEDIUM] Craft CMS has Stored XSS in Table Field via "HTML" Column Type
PKSA-knkq-h2rk-yc48 CVE-2026-27126 GHSA-3jh3-prx3-w6wc
Affected versions: >=5.0.0-RC1,<=5.8.22|>=4.5.0-RC1,<=4.16.18
Reported by: GitHub
-
[HIGH] Craft CMS: GraphQL Asset Mutation Privilege Escalation
PKSA-zjy6-pdtw-mck8 CVE-2026-25497 GHSA-fxp3-g6gw-4r4v
Affected versions: >=4.0.0-RC1,<4.17.0-beta.1|>=5.0.0-RC1,<5.9.0-beta.1
Reported by: GitHub