216.73.216.75

CVE-2026-47266

· Published 29/05/2026 20:16 · Modified 29/05/2026 20:21

Labels: CVE-2026-47266 2026-05-29CVE-2026-47266CWE-639[email protected]

Essential information

Published
29/05/2026 20:16
Modified
29/05/2026 20:21
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
craft / formie cpe:2.3:a:craft:formie:<2.2.21:*:*:*:*:*:*:*
craft / formie cpe:2.3:a:craft:formie:<3.1.26:*:*:*:*:*:*:*

References