CVE-2026-32270 | Craft CMS up to 4.10.2/5.5.4 actionPay email/shipping address/billing address information disclosure (GHSA-3vxg-x5f8-f5qf)

A vulnerability has been found in Craft CMS up to 4.10.2/5.5.4 and classified as problematic. Affected is the function actionPay. Performing a manipulation of the argument email/shipping address/billing address results in information disclosure.

This vulnerability was named CVE-2026-32270. The attack may be initiated remotely. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More