CVE-2026-40500 | ProcessWire CMS up to 3.0.255 Add Module module download server-side request forgery

A vulnerability was found in ProcessWire CMS up to 3.0.255. It has been rated as critical. The affected element is an unknown function of the component Add Module. This manipulation of the argument module download causes server-side request forgery.

This vulnerability is tracked as CVE-2026-40500. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More