Description

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

INFO

Published Date :

2026-04-17T00:00:00.000Z

Last Modified :

2026-04-17T13:44:19.925Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31317 vulnerability.

Vendors Products
Markhuot
  • Craftql
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31317.

URL Resource
https://github.com/markhuot/craftql cve-icon cve-icon
https://github.com/stormmmg/craftql_ssrf/ cve-icon cve-icon
https://github.com/stormmmg/craftql_ssrf/blob/master/craftql-ssrf-en/README_detail.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System