CVE-2026-34747

Payload has an SQL Injection via Query Handling

CVSS 8.5 HIGHEPSS 0.3%CWE-89

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 abr 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. This issue has been patched in version 3.79.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Produtos afetados

payloadcms · payload

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/payloadcms/payload/releases/tag/v3.79.1 https://github.com/payloadcms/payload/security/advisories/GHSA-7xxh-373w-35vg