CVE-2026-44012 | Craft CMS up to 5.9.17 actionShowInFolder authorization

A vulnerability was found in Craft CMS up to 5.9.17. It has been rated as problematic. This vulnerability affects the function AssetsController::actionShowInFolder. The manipulation leads to missing authorization.

This vulnerability is uniquely identified as CVE-2026-44012. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.VulDB Recent EntriesRead More