CVE-2026-27129 | Craft CMS up to 4.16.18/5.8.22 gethostbyname server-side request forgery (GHSA-v2gc-rm6g-wrw9)

A vulnerability was found in Craft CMS up to 4.16.18/5.8.22. It has been classified as critical. This impacts the function gethostbyname. Performing a manipulation results in server-side request forgery.

This vulnerability is cataloged as CVE-2026-27129. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More