Description

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an authenticated attacker to access internal network resources. The Payload environment must have at least one collection with `upload` enabled and a user who has `create` access to that upload-enabled collection in order to be vulnerable. An authenticated user with upload collection write permissions could potentially access internal services. Response content from internal services could be retrieved through the application. This vulnerability has been patched in v3.75.0. As a workaround, one may mitigate this vulnerability by disabling external file uploads via the `disableExternalFile` upload collection option, or by restricting `create` access on upload-enabled collections to trusted users only.

INFO

Published Date :

2026-02-24T14:22:37.803Z

Last Modified :

2026-02-27T19:03:28.091Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27567 vulnerability.

Vendors Products
Payloadcms
  • Payload
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27567.

URL Resource
https://github.com/payloadcms/payload/commit/1041bb6 cve-icon cve-icon
https://github.com/payloadcms/payload/releases/tag/v3.75.0 cve-icon cve-icon
https://github.com/payloadcms/payload/security/advisories/GHSA-hhfx-5x8j-f5f6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact