CVE-2026-47266
- Source
- https://cve.org/CVERecord?id=CVE-2026-47266
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-47266.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-47266
- Aliases
- Published
- 2026-05-29T19:03:43.175Z
- Modified
- 2026-05-31T04:02:42.592693834Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Formie: Unauthenticated front-end submission editing can overwrite existing submissions
- Details
-
Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47266.json", "cwe_ids": [ "CWE-639" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/verbb/formie/releases/tag/2.2.21
- https://github.com/verbb/formie/releases/tag/3.1.26
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47266.json
- https://github.com/verbb/formie/security/advisories/GHSA-pgxq-p76c-x9cg
- https://nvd.nist.gov/vuln/detail/CVE-2026-47266
Affected packages
Git / github.com/verbb/formie
Affected versions
3.*
3.0.0
3.0.0-beta.1
3.0.0-beta.10
3.0.0-beta.11
3.0.0-beta.12
3.0.0-beta.13
3.0.0-beta.14
3.0.0-beta.15
3.0.0-beta.16
3.0.0-beta.17
3.0.0-beta.18
3.0.0-beta.19
3.0.0-beta.2
3.0.0-beta.20
3.0.0-beta.3
3.0.0-beta.4
3.0.0-beta.5
3.0.0-beta.7
3.0.0-beta.8
3.0.0-beta.9
3.0.1
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.0.19
3.0.2
3.0.20
3.0.21
3.0.22
3.0.23
3.0.24
3.0.25
3.0.26
3.0.27
3.0.28
3.0.29
3.0.3
3.0.30
3.0.31
3.0.32
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.19
3.1.2
3.1.20
3.1.21
3.1.22
3.1.23
3.1.24
3.1.25
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9