CVE-2026-31266 | Craft CMS up to 5.9.5 Migrate Endpoint /actions/app/migrate missing authentication

A vulnerability marked as critical has been reported in Craft CMS up to 5.9.5. This impacts an unknown function of the file /actions/app/migrate of the component Migrate Endpoint. The manipulation leads to missing authentication.

This vulnerability is traded as CVE-2026-31266. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More