CVE-2026-28781 | Craft CMS prior 4.17.0-beta.1/5.9.0-beta.1 POST Request authorization (GHSA-2xfc-g69j-x2mp)
A vulnerability identified as problematic has been detected in Craft CMS. This affects an unknown function of the component POST Request Handler. This manipulation causes authorization bypass.
This vulnerability appears as CVE-2026-28781. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.