CVE-2026-26274— October: Safe Mode Bypass via Twig Database Write Operations
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-26274
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
October: Safe Mode Bypass via Twig Database Write Operations
Source: NVD (National Vulnerability Database)
Vulnerability Description
October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safe_mode is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query builder, which is included in the sandbox allow-list. This vulnerability is fixed in 3.7.14 and 4.1.10.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不完整的黑名单
Source: NVD (National Vulnerability Database)
Vulnerability Title
October 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
October是October开源的一个内容管理系统 (CMS) 和网络平台。 October 3.7.14之前版本和4.1.10之前版本存在安全漏洞,该漏洞源于Twig沙箱安全策略问题,可能导致具有Developer权限的后端用户对任意数据库表执行写入操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| octobercms | october | >= 4.0.0, < 4.1.10 | - |
II. Public POCs for CVE-2026-26274
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-26274
请登录查看更多情报信息。
Same Patch Batch · octobercms · 2026-04-21 · 4 CVEs total
| CVE-2026-26067 | 4.9 MEDIUM | October: Safe Mode Bypass via CSS Preprocessor Compilers |
| CVE-2026-29179 | 3.3 LOW | October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations |
| CVE-2026-27937 | 3.1 LOW | October: Reflected XSS via DataTable Form Widget |
IV. Related Vulnerabilities
Same product: october
- CVE-2026-29179
October: Editor Sub-Permission Bypass for Asset and Blueprin - CVE-2026-27937
October: Reflected XSS via DataTable Form Widget - CVE-2026-26067
October: Safe Mode Bypass via CSS Preprocessor Compilers - CVE-2026-25133
October CMS has Stored XSS via SVG Filter Bypass - CVE-2026-25125
October CMS: Environment Variable Exfiltration via INI Parse
Same vendor: octobercms
- CVE-2026-29179
October: Editor Sub-Permission Bypass for Asset and Blueprin - CVE-2026-27937
October: Reflected XSS via DataTable Form Widget - CVE-2026-26067
October: Safe Mode Bypass via CSS Preprocessor Compilers - CVE-2026-25133
October CMS has Stored XSS via SVG Filter Bypass - CVE-2026-25125
October CMS: Environment Variable Exfiltration via INI Parse
Same weakness: CWE-184
- CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis - CVE-2026-43584
OpenClaw < 2026.4.10 - Insufficient Environment Variable Den - CVE-2026-43578
OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Mi - CVE-2026-41934
Vvveb < 1.0.8.2 Authenticated RCE via Code Editor
V. Comments for CVE-2026-26274
No comments yet