verbb/formie Security Advisories for 3.0.29 (2)
-
[HIGH] formie's unauthenticated front-end submission editing can overwrite existing submissions
PKSA-2h9w-qq3j-93vt CVE-2026-47266 GHSA-pgxq-p76c-x9cg
Affected version: <2.2.21|>=3.0.0,<3.1.26
Reported by:
GitHub -
[CRITICAL] Formie: Pre-authenticated server-side template injection in Hidden fields
PKSA-snft-3cv8-v5p5 CVE-2026-45697 GHSA-x7m9-mwc2-g6w2
Affected version: <2.2.20|>=3.0.0-beta.1,<3.1.24
Reported by:
GitHub