CVE-2026-50280 | Craft CMS up to 5.9.20 actionMoveToSection section access control (GHSA-43cq-c2gq-pfpw)
A vulnerability described as critical has been identified in Craft CMS up to 5.9.20. Affected by this vulnerability is the function EntriesController::actionMoveToSection. Such manipulation of the argument section leads to improper access controls.
This vulnerability is documented as CVE-2026-50280. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is recommended.VulDB Recent EntriesRead More