CVE-2026-50280 | Craft CMS up to 5.9.20 actionMoveToSection section access control (GHSA-43cq-c2gq-pfpw)

SecurityVulns

A vulnerability described as critical has been identified in Craft CMS up to 5.9.20. Affected by this vulnerability is the function EntriesController::actionMoveToSection. Such manipulation of the argument section leads to improper access controls.

This vulnerability is documented as CVE-2026-50280. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More