CVE-2026-31317

· NIST NVD ↗

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

HIGH
CVSS severity
7.5
CVSS base score
2026-04-17
Published

CWE codes

CWE-918

Sources