Security Advisory

CVE-2026-31317

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-17 00:00:00

Last updated 2026-04-20 14:59:43

Assigner mitre

State PUBLISHED

Description

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

← Browse all CVEs View on cve.org ↗