Software catalogue for Pixel & Tonic, Inc.

Craft CMS

Latest security bulletins

Secuity bulletin	Severity	Status	Published
SB20260417106: Multiple vulnerabilities in Craft CMS	Low	Patched	17.04.2026
SB20260417105: Improper Neutralization of Special Elements Used in a Template Engine in Craft CMS	Low	Patched	17.04.2026
SB20260417104: Improper access control in Craft CMS	Low	Patched	17.04.2026
SB2026032462: Multiple vulnerabilities in Craft CMS	Medium	Patched	24.03.2026
SB2026032461: Remote code execution in Craft CMS	Medium	Patched	24.03.2026
SB2026021833: Multiple vulnerabilities in Craft CMS	Medium	Patched Public exploit	18.02.2026
SB2026021831: Privilege escalation in Craft CMS	Medium	Patched	18.02.2026
SB2026010560: Multiple vulnerabilities in Craft CMS	High	Patched Public exploit	05.01.2026
SB2025060309: Improper input validation in Craft CMS	Medium	Patched Exploited	03.06.2025
SB2025050549: Authenticated SSTI in Craft CMS	Low	Patched Public exploit	05.05.2025