PatchSiren

Craft CMS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Craft CMS CVE published 2026-05-27

CVE-2026-31266

CVE-2026-31266 documents a Missing Authorization vulnerability in Craft CMS 5.9.5 and earlier, affecting the migrate endpoint at `/actions/app/migrate`. The vulnerability was published to the CVE List on 2026-05-27 and carries a CVSS 3.1 base score of 7.3 (HIGH severity) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, that is, reachable over the network with low attack complexity, no privileges required, no user interaction, unchanged scope, and low impact on each of confidentiality, integrity and availability [truncated]
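Two offline checks a defender would run against this debrief, as an added example (not PatchSiren's or Craft CMS's own code): whether the installed `craftcms/cms` version falls in the stated "5.9.5 and earlier" range, read from `composer.lock`, and whether any request has reached `/actions/app/migrate` in a web server access log. The combined log format, the sample log lines and the sample lock file are constructed for the example; the `?p=actions/app/migrate` form is assumed as the non-pretty-URL equivalent of the path, and action names sent in a POST body are not visible in access logs, so this check is a lower bound.

```python
"""Triage helpers for CVE-2026-31266 (missing authorization on the Craft CMS
migrate endpoint). Added example; not PatchSiren or Craft CMS code."""
import json
import re
from urllib.parse import parse_qs

AFFECTED_MAX = (5, 9, 5)            # "5.9.5 and earlier", as the debrief states
MIGRATE_PATH = "/actions/app/migrate"


def parse_version(v):
    """'5.9.5' or 'v5.9.5' -> (5, 9, 5). A pre-release suffix is dropped, so
    a 5.9.6 pre-release compares as 5.9.6 (conservative for this check)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def craft_version_from_composer_lock(lock_text):
    """Installed craftcms/cms version recorded in composer.lock, or None."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") == "craftcms/cms":
            return pkg.get("version")
    return None


def is_affected(version):
    """True when the version is 5.9.5 or earlier. Only the 5.x line is stated
    in the debrief; other release lines should be checked against the vendor advisory."""
    return parse_version(version) <= AFFECTED_MAX


# nginx/Apache "combined" format (assumed): ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def _is_migrate_request(target):
    """Match /actions/app/migrate directly or as the `p` query parameter."""
    path, _, query = target.partition("?")
    if path.rstrip("/") == MIGRATE_PATH:
        return True
    for p in parse_qs(query).get("p", []):
        if "/" + p.strip("/") == MIGRATE_PATH:
            return True
    return False


def migrate_requests(log_lines):
    """(ip, method, status) for every request that targets the migrate action.
    A 200 from an unexpected source is what to escalate; a 403 means the
    endpoint rejected the caller."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and _is_migrate_request(m.group("target")):
            hits.append((m.group("ip"), m.group("method"), int(m.group("status"))))
    return hits


# Constructed sample inputs (documentation IP ranges, invented timestamps).
SAMPLE_LOCK = json.dumps({"packages": [{"name": "craftcms/cms", "version": "5.9.5"}]})
SAMPLE_LOG = """\
203.0.113.10 - - [28/May/2026:10:01:02 +0000] "POST /actions/app/migrate HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.7 - - [28/May/2026:10:01:05 +0000] "GET /index.php?p=actions/app/migrate HTTP/1.1" 200 480 "-" "python-requests/2.32"
192.0.2.44 - - [28/May/2026:10:02:00 +0000] "GET /actions/app/migrate/ HTTP/1.1" 403 120 "-" "Mozilla/5.0"
192.0.2.44 - - [28/May/2026:10:02:10 +0000] "GET /blog/hello-world HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    v = craft_version_from_composer_lock(SAMPLE_LOCK)
    print(f"craftcms/cms {v}: {'AFFECTED' if is_affected(v) else 'not in stated range'}")
    for ip, method, status in migrate_requests(SAMPLE_LOG):
        print(f"{ip} {method} {MIGRATE_PATH} -> {status}")
```

Run it against a real `composer.lock` and access log by replacing the two constructed samples; a 200 on the migrate action from an address that is not an administrator's is the finding to escalate, and any version at or below 5.9.5 should be upgraded per the vendor advisory regardless of what the logs show.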

Known exploited Craft CMS CVE added to KEV 2026-03-20

CVE-2025-32432

CVE-2025-32432 is a Craft CMS code injection vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2026-03-20. A KEV listing means exploitation in the wild has been confirmed, so defenders should treat it as actively relevant and apply the vendor's mitigations immediately. Where that is not possible, CISA's standard required action applies: follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known exploited Craft CMS CVE added to KEV 2025-06-02

CVE-2025-35939

CVE-2025-35939 is a Craft CMS vulnerability described as an external control of an assumed-immutable web parameter. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-06-02, which makes it a near-term defensive priority for any exposed Craft CMS deployment.

Known exploited Craft CMS CVE added to KEV 2025-06-02

CVE-2024-56145

CVE-2024-56145 is a Craft CMS code injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-06-02. That KEV listing means defenders should treat it as an urgent remediation item, especially for internet-facing or cloud-hosted Craft CMS deployments, and work from the official Craft CMS advisory and CISA guidance to mitigate exposure before the 2025-06-23 due date.

Known exploited Craft CMS CVE added to KEV 2025-02-20

CVE-2025-23209

CVE-2025-23209 is a Craft CMS code injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-02-20. The supplied corpus confirms known exploitation status and provides a vendor-directed response: apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable. The corpus does not include affected versions, severity, or exploit mechanics.
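The four KEV debriefs above all reduce to the same operational question: which Craft CMS entries are due or overdue, and in what order to work them. The following is an added example (not PatchSiren or CISA code) of that prioritisation run over a feed laid out like CISA's known_exploited_vulnerabilities.json (a top-level `vulnerabilities` list whose entries carry `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `requiredAction`). The entries are constructed from the dates on this page; only the 2025-06-23 due date is stated above, the other due dates are assumed from the usual 21-day window and would be read from the real feed in practice.

```python
"""KEV-driven remediation ordering for Craft CMS. Added example; the feed
shape follows CISA's KEV JSON, the entries are constructed for illustration."""
from datetime import date

DUE_SOON_DAYS = 7  # assumed escalation threshold, not a CISA figure

REQUIRED_ACTION = (
    "Apply mitigations per vendor instructions, follow applicable BOD 22-01 "
    "guidance for cloud services, or discontinue use of the product if "
    "mitigations are unavailable."
)

# Constructed sample feed. dateAdded values are the KEV dates on this page;
# dueDate is stated on the page only for CVE-2024-56145, the rest are assumed
# (dateAdded + 21 days).
SAMPLE_KEV = {
    "vulnerabilities": [
        {"cveID": "CVE-2025-32432", "vendorProject": "Craft CMS", "product": "Craft CMS",
         "dateAdded": "2026-03-20", "dueDate": "2026-04-10", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-2025-35939", "vendorProject": "Craft CMS", "product": "Craft CMS",
         "dateAdded": "2025-06-02", "dueDate": "2025-06-23", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-2024-56145", "vendorProject": "Craft CMS", "product": "Craft CMS",
         "dateAdded": "2025-06-02", "dueDate": "2025-06-23", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-2025-23209", "vendorProject": "Craft CMS", "product": "Craft CMS",
         "dateAdded": "2025-02-20", "dueDate": "2025-03-13", "requiredAction": REQUIRED_ACTION},
        {"cveID": "CVE-0000-00000", "vendorProject": "Other", "product": "Other Product",
         "dateAdded": "2025-06-02", "dueDate": "2025-06-23", "requiredAction": REQUIRED_ACTION},
    ]
}


def product_entries(feed, product="Craft CMS"):
    """KEV entries for one product (exact match on the `product` field)."""
    return [v for v in feed.get("vulnerabilities", []) if v.get("product") == product]


def status_for(days_left):
    if days_left < 0:
        return "overdue"
    if days_left <= DUE_SOON_DAYS:
        return "due_soon"
    return "scheduled"


def triage(feed, today, remediated=frozenset(), product="Craft CMS"):
    """Open KEV items for `product`, earliest due date first (ties by CVE ID),
    each with days remaining relative to `today` and a status bucket.
    `remediated` is the set of CVE IDs your tracker already closed."""
    rows = []
    for v in product_entries(feed, product):
        if v["cveID"] in remediated:
            continue
        due = date.fromisoformat(v["dueDate"])
        days_left = (due - today).days
        rows.append({
            "cveID": v["cveID"],
            "dateAdded": v["dateAdded"],
            "dueDate": v["dueDate"],
            "daysLeft": days_left,
            "status": status_for(days_left),
            "fallbackIfNoMitigation": "discontinue use" in v.get("requiredAction", ""),
        })
    rows.sort(key=lambda r: (r["dueDate"], r["cveID"]))
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_KEV, date(2025, 6, 10)):
        print(f"{r['cveID']}  due {r['dueDate']}  {r['daysLeft']:>5} days  {r['status']}")
```

Point `triage` at the downloaded KEV JSON and today's date, pass the CVE IDs already closed in your tracker as `remediated`, and the result is the work queue: overdue items first, then anything inside the escalation window. The `fallbackIfNoMitigation` flag simply records that CISA's required action names discontinuing the product as the last resort when no mitigation exists, which is the case for every Craft CMS entry on this page.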