CVE-2026-34747

High

Description

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patched in version 3.79.1.

References

https://github.com/payloadcms/payload/security/advisories/GHSA-7xxh-373w-35vg

https://github.com/payloadcms/payload/releases/tag/v3.79.1

Details

Source: Mitre, NVD

Published: 2026-04-01

Updated: 2026-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 8.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Severity: High

EPSS

EPSS: 0.00048