{"vulnerability": "cve-2026-5579", "sightings": [{"uuid": "bacb6a8c-8a0e-4f4f-9860-f29a8d54a55a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5579", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3miricpadg623", "content": "", "creation_timestamp": "2026-04-05T19:29:25.090451Z"}, {"uuid": "77c97333-0a1e-4f30-ba52-ef60739a19b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55795", "type": "published-proof-of-concept", "source": "https://github.com/craftcms/commerce/security/advisories/GHSA-h5gm-x9wr-vhcm", "content": "", "creation_timestamp": "2026-06-16T05:04:11.000000Z"}, {"uuid": "61939138-27b0-4234-8da5-054700271747", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55791", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmpvmvzr52u", "content": "CVE-2026-55791 - Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs\nCVE ID : CVE-2026-55791\n \n Published : July 1, 2026, 11:13 p.m. | 32\u00a0minutes ago\n \n Description : Craft CMS is a content management system (CMS). Versions 4....", "creation_timestamp": "2026-07-01T23:58:19.318393Z"}, {"uuid": "23f2dd3f-2895-48e9-ab58-ebabc1668641", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55790", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmqagvqrn2p", "content": "CVE-2026-55790 - Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget\nCVE ID : CVE-2026-55790\n \n Published : July 1, 2026, 10:57 p.m. | 48\u00a0minutes ago\n \n Description : Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC...", "creation_timestamp": "2026-07-02T00:04:23.031145Z"}, {"uuid": "99fe4b1e-e4ff-443e-b77a-09285c3094ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55794", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmr7z6ifr2m", "content": "CVE-2026-55794 - Craft CMS: Potential authenticated Remote Code Execution via referrer redirect\nCVE ID : CVE-2026-55794\n \n Published : July 1, 2026, 11:26 p.m. | 20\u00a0minutes ago\n \n Description : Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior t...", "creation_timestamp": "2026-07-02T00:22:01.235267Z"}, {"uuid": "db6568a2-beaa-4214-a73b-e9311e43fc65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55792", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpmrqnddb72m", "content": "CVE-2026-55792 - Craft CMS: Sensitive File Disclosure / Server-Side File Read\nCVE ID : CVE-2026-55792\n \n Published : July 1, 2026, 11:20 p.m. | 26\u00a0minutes ago\n \n Description : Craft CMS is a content management system (CMS). In versions starting from 4.0.0-RC1 and prior to 4.18...", "creation_timestamp": "2026-07-02T00:31:18.979700Z"}, {"uuid": "d89a2536-ae66-4ec0-a221-d9682b6b7cce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55793", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpoaley52l2b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-55793 \u0432 Craft CMS: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/791437DA-AF6B-47B3-BD54-B2E5E2D88E74", "creation_timestamp": "2026-07-02T14:29:28.373181Z"}, {"uuid": "9187b73a-7bb6-4bd2-b1dd-756d680d553e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55790", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpoeaxpefn2b", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-55790 \u0432 Craft CMS: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/BD17E3E3-4106-489F-9ED7-5D492078FC2E", "creation_timestamp": "2026-07-02T15:35:16.632633Z"}, {"uuid": "bd8b036e-e6bd-444c-a601-f7ece15d1026", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55794", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpohgzzjzh2n", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-55794 \u0432 Craft CMS: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/FC4B658E-B962-44D6-81BB-CCDDB3ADEA54", "creation_timestamp": "2026-07-02T16:32:18.926970Z"}, {"uuid": "9f173604-809d-47a0-ae4d-89237de42c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55791", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpohhzys7f2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-55791 \u0432 Craft CMS: \u0443\u0433\u0440\u043e\u0437\u044b, \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/456D43CC-BF16-4D28-B16D-105D138C388B", "creation_timestamp": "2026-07-02T16:32:52.551626Z"}, {"uuid": "fc9ba849-3645-4ad7-b085-02e691cae621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55792", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mpohizofjh2u", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-55792 \u0432 Craft CMS: \u0443\u0433\u0440\u043e\u0437\u044b \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/16998440-7542-46D6-8484-7484AF6ABA1E", "creation_timestamp": "2026-07-02T16:33:25.615938Z"}, {"uuid": "a14036c3-cddb-4e3c-94ac-e2fe3ffa6209", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55798", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpyxjwnuh72v", "content": "CVE-2026-55798 - Pillow: WindowsViewer.get_command() OS command injection via unescaped shell path\nCVE ID : CVE-2026-55798\n \n Published : July 6, 2026, 7:17 p.m. | 31\u00a0minutes ago\n \n Description : Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.get_command() ...", "creation_timestamp": "2026-07-06T20:46:53.792938Z"}, {"uuid": "345aa131-80e2-45fc-a9bc-3ed0588c02f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55790", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpz5cgz3sz2k", "content": "CVE-2026-55790 - cms\nAn attacker can inject malicious code into the Craft CMS admin panel by creating a fake issue on GitHub. This could allow the attacker to take control of the admin panel without\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#cms #craftcms #composer #CVE #infosec", "creation_timestamp": "2026-07-06T22:30:04.618273Z"}, {"uuid": "c1ccb68b-bd66-4a49-9ea4-24d867ca2039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55792", "type": "seen", "source": "https://gist.github.com/alon710/42394c2aa3975303824ce1e33bac787e", "content": "# CVE-2026-55792: CVE-2026-55792: Sensitive File Disclosure in Craft CMS via Twig Sandbox Bypass\n\n&gt; **CVSS Score:** 6.0\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-55792\n\n## Summary\nCVE-2026-55792 represents a sensitive file disclosure vulnerability in Craft CMS. The issue arises from the inclusion of the `dataUrl()` function in the Twig sandbox allowlist combined with incomplete path validation inside the underlying helper method. Attackers with low-privileged control panel access can exploit this flaw to read and exfiltrate the `.env` configuration file.\n\n## TL;DR\nLow-privileged users with template customizer access can read sensitive local files like `.env` using a sandbox bypass, leading to full database credential and security key compromise.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-200\n- **Attack Vector**: Network\n- **CVSS 4.0 Score**: 6.0\n- **EPSS Score**: 0.00268\n- **Impact**: Sensitive Information Disclosure / Local File Read\n- **Exploit Status**: PoC in technical advisories\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Craft CMS 4.x\n- Craft CMS 5.x\n- **Craft CMS**: &gt;= 4.0.0-RC1, &lt; 4.18.0 (Fixed in: `4.18.0`)\n- **Craft CMS**: &gt;= 5.0.0-RC1, &lt; 5.10.0 (Fixed in: `5.10.0`)\n\n## Mitigation\n\n- Upgrade Craft CMS to versions 4.18.0, 5.10.0, or newer.\n- Revoke the 'utility:system-messages' permission from non-administrative users.\n- Manually modify twig-sandbox.php config to strip the dataUrl function.\n\n**Remediation Steps:**\n1. Run 'composer update craftcms/cms' to pull the latest security release.\n2. Verify the installation of version 4.18.0+ or 5.10.0+.\n3. Inspect the database table 'systemmessages' for any unauthorized template injections containing 'dataUrl'.\n\n## References\n\n- [GitHub Security Advisory GHSA-287w-mxq6-x2cp](https://github.com/craftcms/cms/security/advisories/GHSA-287w-mxq6-x2cp)\n- [Craft CMS Pull Request 18559](https://github.com/craftcms/cms/pull/18559)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-55792) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-06T21:42:10.955204Z"}, {"uuid": "f73716ce-d4a2-4b40-9e04-68b1f3478603", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55794", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpz5fz56bt2l", "content": "CVE-2026-55794 - cms\nCraft CMS versions 5.9.0 to 5.10.0 are vulnerable to a security risk where attackers can execute malicious code on a website. This can happen when a user saves entries, allowing\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#cms #craftcms #composer #CVE #infosec", "creation_timestamp": "2026-07-06T22:32:04.311681Z"}, {"uuid": "56d35e45-76a5-4d64-9195-2216c720b08d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-55793", "type": "published-proof-of-concept", "source": "https://github.com/craftcms/cms/security/advisories/GHSA-xrqc-p465-2xvg", "content": "", "creation_timestamp": "2026-07-06T22:35:07.514024Z"}, {"uuid": "27c0c4b3-a0b0-4a5d-bc5d-d8c491b7c1e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55794", "type": "seen", "source": "https://gist.github.com/alon710/8f065297b373724c4dd370345047c8bb", "content": "# CVE-2026-55794: CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS\n\n&gt; **CVSS Score:** 8.7\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-55794\n\n## Summary\nCraft CMS versions 5.9.0 through 5.9.9 are vulnerable to authenticated Remote Code Execution (RCE). An attacker with control panel permissions to edit entries can inject malicious Twig templates into the client-side HTTP Referer header. During the post-save redirect sequence, the server evaluates this user-controlled header using an unsandboxed Twig rendering function, leading to arbitrary system command execution.\n\n## TL;DR\nAn authenticated remote code execution vulnerability in Craft CMS allows users with entry editing permissions to execute arbitrary system commands by injecting Twig template payloads into the HTTP Referer header during post-save redirects.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-1336 / CWE-94\n- **Attack Vector**: Network (Authenticated)\n- **CVSS Score**: 8.7 (High)\n- **EPSS Score**: 0.00293 (Percentile: 21.12%)\n- **Impact**: Full Unsandboxed Remote Code Execution (RCE)\n- **Exploit Status**: PoC / Highly Exploitable\n- **KEV Status**: Not listed\n\n## Affected Systems\n\n- Craft CMS\n- **Craft CMS**: &gt;= 5.9.0, &lt; 5.10.0 (Fixed in: `5.10.0`)\n\n## Mitigation\n\n- Upgrade Craft CMS instances to version 5.10.0 or higher.\n- Implement Web Application Firewall (WAF) rules to inspect and sanitize the Referer HTTP header on control panel endpoints.\n- Deploy intrusion detection rules to flag anomalous characters like curly braces in HTTP Referer headers targeting elements/save-entry actions.\n\n**Remediation Steps:**\n1. Run 'composer update craftcms/cms' to update the application to version 5.10.0 or newer.\n2. Verify the update by checking that the returnUrl parameter contains cryptographically signed hashes in control panel links.\n3. Perform a log audit on web server access logs for historic POST requests containing Twig patterns in the Referer header.\n\n## References\n\n- [Craft CMS Security Advisory GHSA-f74w-488g-8x5r](https://github.com/craftcms/cms/security/advisories/GHSA-f74w-488g-8x5r)\n- [Craft CMS Pull Request #18680](https://github.com/craftcms/cms/pull/18680)\n- [CVE-2026-55794 Official CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-55794)\n- [NVD Vulnerability Page for CVE-2026-55794](https://nvd.nist.gov/vuln/detail/CVE-2026-55794)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-55794) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-07T01:11:51.176512Z"}, {"uuid": "34e4b320-c820-4ff6-a026-94d690a1f76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55793", "type": "seen", "source": "https://gist.github.com/alon710/1b2e654724e66f79f392f0bd62b60dc4", "content": "# CVE-2026-55793: CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter\n\n&gt; **CVSS Score:** 5.9\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-55793\n\n## Summary\nCVE-2026-55793 is a DOM-based Stored Cross-Site Scripting (XSS) vulnerability affecting Craft CMS versions 5.0.0-RC1 through 5.9.22. An authenticated user with minimum Author privileges can store a malicious payload in an entry's title. When an administrator or high-privileged user performs a drag-and-drop operation under the modified entry in the structure table view, the unescaped payload is retrieved and concatenated into raw HTML, resulting in arbitrary JavaScript execution within the context of the administrative session.\n\n## TL;DR\nA DOM-based Stored XSS in Craft CMS (5.0.0-RC1 to 5.9.22) allows low-privileged authors to execute arbitrary JavaScript in admin sessions when admins perform drag-and-drop operations on affected entry structures.\n\n## Technical Details\n\n- **CWE ID**: CWE-79\n- **Attack Vector**: Network\n- **CVSS Base Score**: 5.9 (Medium) - CVSS v4.0\n- **EPSS Score**: 0.00412\n- **Impact**: High Integrity Compromise (Session Takeover / Privilege Escalation)\n- **Exploit Status**: Proof-of-Concept / Technical Analysis Available\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Craft CMS\n- **cms**: &gt;= 5.0.0-RC1, &lt;= 5.9.22 (Fixed in: `5.9.23`)\n\n## Mitigation\n\n- Upgrade Craft CMS instances to version 5.9.23 or higher.\n- Restrict 'saveEntries' and structure management privileges to trusted administrative accounts.\n- Deploy Web Application Firewall (WAF) filters to monitor entry saving actions for event handlers inside text properties.\n\n**Remediation Steps:**\n1. Navigate to the root directory of the Craft CMS deployment.\n2. Execute the dependency manager update command: composer update craftcms/cms.\n3. Verify the installed version is 5.9.23 or above using: php craft help.\n4. Clear the compiled control panel resource cache to force loading of the updated ElementTableSorter.js asset.\n\n## References\n\n- [Craft CMS GitHub Fix Commit](https://github.com/craftcms/cms/commit/162321e899cc97517fb6f5a02b5528f549d0c6cc)\n- [Craft CMS GitHub Security Advisory](https://github.com/craftcms/cms/security/advisories/GHSA-xrqc-p465-2xvg)\n- [CVE-2026-55793 CVE Record](https://www.cve.org/CVERecord?id=CVE-2026-55793)\n- [Wiz Vulnerability Database Advisory](https://www.wiz.io/vulnerability-database/cve/cve-2026-55793)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-55793) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-07T01:42:10.898157Z"}, {"uuid": "80356492-404d-4cf1-9e92-a45885476990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55790", "type": "seen", "source": "https://gist.github.com/alon710/3d0e76ebb14fa6d7f10ac4854f1f3070", "content": "# CVE-2026-55790: CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget\n\n&gt; **CVSS Score:** 7.4\n&gt; **Published:** 2026-07-06\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-55790\n\n## Summary\nA DOM-based cross-site scripting (XSS) vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.17.15 and 5.0.0-RC1 through 5.9.22. The flaw resides within the CraftSupport widget's feedback search component, which fails to neutralize GitHub issue titles before rendering them into the administrator's control panel. An unauthenticated attacker can exploit this vulnerability by submitting a crafted issue to the public Craft CMS repository on GitHub.\n\n## TL;DR\nUnauthenticated DOM-based XSS in Craft CMS Support Widget via untrusted GitHub API issue titles, patched in 4.17.16 and 5.9.23.\n\n## Technical Details\n\n- **CWE ID**: CWE-79\n- **Attack Vector**: Network\n- **CVSS v4.0 Score**: 7.4 (High)\n- **EPSS Score**: 0.00311 (Percentile: 22.91%)\n- **Impact**: Administrative Session Hijacking / Remote Code Execution\n- **Exploit Status**: PoC / None detected in wild\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Craft CMS\n\n## Mitigation\n\n- Update Craft CMS to patched versions\n- Disable or remove the CraftSupport widget from administrative dashboards\n- Implement a robust Content Security Policy (CSP)\n\n**Remediation Steps:**\n1. Identify the current running version of Craft CMS on your systems.\n2. Update Craft CMS v4.x instances to 4.17.16 or later, or v5.x instances to 5.9.23 or later.\n3. If immediate patching is impossible, remove the CraftSupport widget from the dashboard configuration.\n4. Verify the application of the patch by checking CraftSupportWidget.js for proper HTML escaping.\n\n## References\n\n- [Official GitHub Security Advisory](https://github.com/craftcms/cms/security/advisories/GHSA-24x4-j6x9-rfw5)\n- [Official Fix Commit](https://github.com/craftcms/cms/commit/6bbb66038a268552180ca5c8eed9f46ea25a4417)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-55790) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-07-07T02:12:20.742817Z"}]}