Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Craft CMS Remote Code Execution Vulnerability

Vulnerability

Exploited

Patched

A remote code execution vulnerability exists in Craft CMS versions 3.0.0-RC1 prior to 3.9.15, 4.0.0-RC1 prior to 4.14.15, and 5.0.0-RC1 prior to 5.6.17. This vulnerability allows for high-impact exploitation with low complexity.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where Craft CMS is installed.

Remediation

Users are advised to update to Craft CMS versions 3.9.15, 4.14.15, or 5.6.17.

Added: Jun 9, 2025, 7:46 PM

Updated: Mar 20, 2026, 3:33 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

10.0

remediation

7.7

relevance

0.0

threat

9.9

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

7.5

exploitability

10.0

remediation

7.7

relevance

0.0

threat

9.9

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Craft CMS Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Craft CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating