CVE-2026-31317

216.73.217.22

· Published 17/04/2026 14:16 · Modified 17/04/2026 15:30

Labels: CVE-2026-31317 2026-04-17 CVE-2026-31317 [email protected]

Essential information

Published: 17/04/2026 14:16
Modified: 17/04/2026 15:30
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
markhuot / craftql	`cpe:2.3:a:markhuot:craftql::::::::`

CVE-2026-31317

Essential information

Description

NVD status

Affected products (CPE)

References