CRITICAL🇵🇱 Wersja polska

CVE-2026-25544

CVSS 9.8v3.1pub. 2026-02-06upd. 2026-02-20

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. This vulnerability is fixed in 3.73.0.

🤖 AI Analysis
How it works

User input in queries concerning JSON or richText fields was directly embedded in SQL queries without proper sanitization (escaping). This allows for a blind SQL injection attack — an attacker can ask the database questions and based on differences in responses, read the database contents. In this way, it is possible to extract sensitive data such as email addresses and password reset tokens, which enables account takeover without the need to crack passwords.

Impact

An attacker without any authentication can extract sensitive data from the database (including email addresses and password reset tokens) and take full control of any user account, including administrator accounts.

Mitigation & patch

Payload CMS must be immediately updated to version 3.73.0 or newer, in which the vulnerability has been fixed. Details are available in the vendor references: https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8

Who is affected

Payload CMS (open source headless CMS) — all versions before 3.73.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Payloadcms Payload

    APP
    Payloadcms
    < 3.73.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2026-34751CRITICAL9.1PL ✓ten sam produkt

Payload CMS: ominięcie uwierzytelnienia przez podatny przepływ resetowania hasła

CVE-2022-27952CRITICAL9.8ten sam produkt

An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to exe...

CVE-2026-34747HIGH8.5ten sam produkt

Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request...

CVE-2026-34748HIGH8.7ten sam produkt

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/n...

CVE-2026-34746HIGH7.7ten sam produkt

Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticate...