CVE-2026-50279 | Craft CMS up to 5.9.20 Edit Permission actionSaveEntry improper authorization (GHSA-qq2c-2q8j-jh27)
A vulnerability classified as critical was found in Craft CMS up to 5.9.20. This affects the function theEntriesController::actionSaveEntry of the component Edit Permission Handler. Executing a manipulation can lead to improper authorization.
This vulnerability appears as CVE-2026-50279. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is advised.VulDB Recent EntriesRead More