0.0
NA
CVE-2026-55792
Craft CMS: Sensitive File Disclosure / Server-Side File Read
Description

Craft CMS is a content management system (CMS). In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl() Twig function is included in Craft’s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission to embed a file-reading payload into system email templates. When those emails are sent, the server reads the target file and returns its contents as a base64-encoded data URL embedded in the email body. The .env file, which typically contains the database password, CRAFT_SECURITY_KEY, and third-party API keys, passes all of Craft’s existing dataUrl() protection checks and is fully exfiltrated. Obtaining CRAFT_SECURITY_KEY enables an attacker to forge session tokens and escalate to full admin account takeover. This issue has been fixed in versions 4.18.0 and 5.10.0.

INFO

Published Date :

July 1, 2026, 11:20 p.m.

Last Modified :

July 1, 2026, 11:20 p.m.

Remotely Exploit :

No

Source :

GitHub_M
Affected Products

The following products are affected by CVE-2026-55792 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

Solution
Update Craft CMS to patched versions to prevent arbitrary file reading and potential account takeover.
  • Update Craft CMS to version 4.18.0 or 5.10.0.
  • Ensure system emails are not sent with unauthorized permissions.
  • Review file access controls for sensitive data.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-55792 vulnerability anywhere in the article.

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.