CVE-2026-55791 | Craft CMS up to 4.17.x/5.9.x URL Validation /actions/app/resource-js baseUrl server-side request forgery (GHSA-c55v-343g-5xff)
A vulnerability classified as critical was found in Craft CMS up to 4.17.x/5.9.x. Impacted is an unknown function of the file /actions/app/resource-js of the component URL Validation Handler. The manipulation of the argument baseUrl results in server-side request forgery.
This vulnerability is reported as CVE-2026-55791. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is advised.VulDB Recent EntriesRead More