CVE-2026-55794 | Craft CMS up to 5.9.x HTTP Request Header renderObjectTemplate special elements used in a template engine (GHSA-f74w-488g-8x5r)
A vulnerability classified as critical has been found in Craft CMS up to 5.9.x. Affected by this issue is the function renderObjectTemplate of the component HTTP Request Header Handler. Performing a manipulation results in improper neutralization of special elements used in a template engine.
This vulnerability is reported as CVE-2026-55794. The attack is possible to be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.VulDB Recent EntriesRead More