SCA: security update for craftcms/cms (GHSA-c43v-4cr8-6mvp)

high Tenable Cloud Security Plugin ID 444550

Description

Craft CMS has authenticated path traversal in `assets/icon`, allowing local `.svg` file read

Solution

Update the craftcms/cms library and its related packages to version 4.17.7 or later.

See Also

https://github.com/advisories/GHSA-c43v-4cr8-6mvp

Plugin Details

Severity: High

ID: 444550

Version: Revision 1.1

Type: Local

Family: SCA Checks

Published: 7/9/2026

Updated: 7/9/2026

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2026

Vulnerability Publication Date: 7/9/2026

Reference Information

cwe: CWE-22