Security Advisory

CVE-2026-32266

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-18 03:46:00

Last updated 2026-03-18 18:08:06

Assigner GitHub_M

State PUBLISHED

Description

The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the `DefaultController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to mitigate the issue.

← Browse all CVEs View on cve.org ↗