CVE-2026-32267— Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-32267
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()
Source: NVD (National Vulnerability Database)
Vulnerability Description
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate their privileges to admin by abusing UsersController->actionImpersonateWithToken. This issue has been patched in versions 4.17.6 and 5.9.12.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Craft CMS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Craft CMS是Craft CMS开源的一套内容管理系统(CMS)。 Craft CMS 4.0.0-RC1至4.17.6之前版本和5.0.0-RC1至5.9.12之前版本存在安全漏洞,该漏洞源于低权限用户或收到共享链接的未经验证用户可能滥用UsersController->actionImpersonateWithToken提升权限至管理员。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-32267
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-32267
请登录查看更多情报信息。
- Fixed GHSA-cc7p-2j3x-x7xf · craftcms/cms@6301e21 · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-32267
Same Patch Batch · craftcms · 2026-03-16 · 5 CVEs total
| CVE-2026-32261 | RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin | |
| CVE-2026-32264 | Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsControll | |
| CVE-2026-32263 | Craft CMS vulnerable to behavior injection RCE via EntryTypesController | |
| CVE-2026-32262 | Craft CMS has a Path Traversal Vulnerability in AssetsController |
IV. Related Vulnerabilities
Same product: cms
- CVE-2026-7508
Bootstrap CMS Page Creation show.blade.php code injection - CVE-2026-7317
Grav CMS Cache Value FileCache.php doGet deserialization - CVE-2026-7016
MaxSite CMS ushki Plugin cross site scripting - CVE-2026-7015
MaxSite CMS Guestbook Plugin cross site scripting - CVE-2026-7014
MaxSite CMS down_count Plugin cross site scripting
Same vendor: craftcms
- CVE-2026-41130
Craft CMS has a host header injection leading to SSRF via re - CVE-2026-41129
Craft CMS has Server-Side Request Forgery (SSRF) with Asset - CVE-2026-41128
Craft CMS has a Missing Authorization Check on User Group Re - CVE-2026-32272
Craft Commerce: Blind SQL Injection via hasVariant/hasProduc - CVE-2026-32271
Craft Commerce: SQL Injection can lead to Remote Code Execut
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2026-32267
No comments yet