Craft CMS Vulnerability CVE-2026-55794 Allows Authenticated RCE via HTTP Referrer

Craft CMS Vulnerability CVE-2026-55794 Allows Authenticated RCE via HTTP Referrer

First seen 7 Jul 2026, 12:27 UTC Advisories.Gitlabnvd.nist.govgithub.com 87% similarity 57.9

Article Content

Browse articles
ThreatCluster

Craft CMS versions 5.9.0 and above prior to 5.10.0 are vulnerable to authenticated remote code execution (RCE) due to a flaw in how the control panel processes the HTTP Referrer header. Users with edit permissions can execute unsandboxed Twig code when saving entries, as the signed redirect URL is compiled as a Twig template without using a sandboxed alternative. This vulnerability has been assigned CVE-2026-55794 and was published on July 1, 2026. The issue has been addressed in Craft CMS version 5.10.0, and affected users are advised to update to this version or higher to mitigate the risk.

Key Points: • CVE-2026-55794 affects Craft CMS versions 5.9.0 to 5.9.9. • Authenticated users can exploit the vulnerability via the HTTP Referrer header. • The issue has been fixed in Craft CMS version 5.10.0.

ThreatCluster AI

Timeline

2026-07-01
CVE-2026-55794 published
Craft CMS vulnerability allowing authenticated RCE via HTTP Referrer header was disclosed.
nvd.nist.gov
2026-07-07
Patch released for Craft CMS
Craft CMS version 5.10.0 was released to address the RCE vulnerability.
Advisories.Gitlab

Community

Browse all →