Security Advisory

CVE-2026-34746

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-01 19:43:16

Last updated 2026-04-02 15:12:09

Assigner GitHub_M

State PUBLISHED

Description

Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1.

← Browse all CVEs View on cve.org ↗