CVE-2026-55792 | Craft CMS up to 4.17.x/5.9.x Database Password dataUrl information disclosure (GHSA-287w-mxq6-x2cp)

SecurityVulns

A vulnerability, which was classified as problematic, has been found in Craft CMS up to 4.17.x/5.9.x. This vulnerability affects the function dataUrl of the component Database Password Handler. The manipulation leads to information disclosure.

This vulnerability is traded as CVE-2026-55792. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More