{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T15:27:52.478","vulnerabilities":[{"cve":{"id":"CVE-2026-27127","sourceIdentifier":"security-advisories@github.com","published":"2026-02-24T03:16:02.440","lastModified":"2026-02-25T19:31:05.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separately from the HTTP request. This Time-of-Check-Time-of-Use (TOCTOU) vulnerability enables DNS rebinding attacks, where an attacker’s DNS server returns different IP addresses for validation compared to the actual request. This is a bypass of the security fix for CVE-2025-68437 that allows access to all blocked IPs, not just IPv6 endpoints. Exploitation requires GraphQL schema permissions for editing assets in the `<VolumeName>` volume and creating assets in the `<VolumeName>` volume. These permissions may be granted to authenticated users with appropriate GraphQL schema access and/or Public Schema (if misconfigured with write permissions). Versions 4.16.19 and 5.8.23 patch the issue."},{"lang":"es","value":"Craft es un sistema de gestión de contenido (CMS). En las versiones 4.5.0-RC1 hasta la 4.16.18 y 5.0.0-RC1 hasta la 5.8.22, la validación de SSRF en la mutación GraphQL Asset de Craft CMS realiza la resolución DNS separadamente de la solicitud HTTP. Esta vulnerabilidad de Tiempo de Verificación-Tiempo de Uso (TOCTOU) permite ataques de reencuadernación de DNS, donde el servidor DNS de un atacante devuelve diferentes direcciones IP para la validación en comparación con la solicitud real. Esto es un bypass de la corrección de seguridad para CVE-2025-68437 que permite el acceso a todas las IP bloqueadas, no solo a los puntos finales IPv6. La explotación requiere permisos de esquema GraphQL para editar activos en el volumen `` y crear activos en el volumen ``. Estos permisos pueden ser otorgados a usuarios autenticados con acceso apropiado al esquema GraphQL y/o Esquema Público (si está mal configurado con permisos de escritura). Las versiones 4.16.19 y 5.8.23 parchean el problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.1","versionEndExcluding":"4.16.19","matchCriteriaId":"A5375BC8-3E29-48A4-AE56-1B544F736CFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.1","versionEndExcluding":"5.8.23","matchCriteriaId":"6DF22B83-BC96-49B9-9694-F6F2688409AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:craftcms:craft_cms:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"6DBDF2E4-0F24-4B10-8FF1-83C2F67A45D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:craftcms:craft_cms:5.0.0:-:*:*:*:*:*:*","matchCriteriaId":"1C7461CF-35AB-48E1-88B6-956DAE1D2AB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"8D8E02D1-601A-4E2B-B619-4775BFDB72D0"}]}]}],"references":[{"url":"https://github.com/craftcms/cms/commit/a4cf3fb63bba3249cf1e2882b18a2d29e77a8575","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-gp2f-7wcm-5fhx","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]}]}}]}