CVE-2026-31266

Published: May 27, 2026

Modified: May 27, 2026

PUBLISHED

Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.