CVE-2026-34751— Payload has Unvalidated Input in Password Recovery Endpoints
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34751
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Payload has Unvalidated Input in Password Recovery Endpoints
Source: NVD (National Vulnerability Database)
Vulnerability Description
Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of a user who initiates a password reset. This issue has been patched in version 3.79.1 for @payloadcms/graphql and payload.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对假设不可变Web参数的外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Payload 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Payload是一个使用 TypeScript、Node.js、React 和 MongoDB 构建的 Headless CMS 和应用程序框架。 Payload 3.79.1之前版本存在授权问题漏洞,该漏洞源于密码恢复流程存在缺陷,可能导致未经验证的攻击者代表发起密码重置的用户执行操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| payloadcms | payload | < 3.79.1 | - |
II. Public POCs for CVE-2026-34751
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 5019 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-34751
请登录查看更多情报信息。
Same Patch Batch · payloadcms · 2026-04-01 · 6 CVEs total
| CVE-2026-34748 | 8.7 HIGH | @payloadcms/next has Stored XSS in Admin Panel |
| CVE-2026-34747 | 8.5 HIGH | Payload has an SQL Injection via Query Handling |
| CVE-2026-34746 | 7.7 HIGH | Payload has Authenticated SSRF via Upload Functionality |
| CVE-2026-34750 | 6.5 MEDIUM | Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints |
| CVE-2026-34749 | 5.4 MEDIUM | Payload has a CSRF Protection Bypass in Authentication Flow |
IV. Related Vulnerabilities
Same product: payload
- CVE-2026-34750
Payload has Insufficient Filename Validation in Client-Uploa - CVE-2026-34749
Payload has a CSRF Protection Bypass in Authentication Flow - CVE-2026-34748
@payloadcms/next has Stored XSS in Admin Panel - CVE-2026-34747
Payload has an SQL Injection via Query Handling - CVE-2026-34746
Payload has Authenticated SSRF via Upload Functionality
Same vendor: payloadcms
- CVE-2026-34750
Payload has Insufficient Filename Validation in Client-Uploa - CVE-2026-34749
Payload has a CSRF Protection Bypass in Authentication Flow - CVE-2026-34748
@payloadcms/next has Stored XSS in Admin Panel - CVE-2026-34747
Payload has an SQL Injection via Query Handling - CVE-2026-34746
Payload has Authenticated SSRF via Upload Functionality
V. Comments for CVE-2026-34751
No comments yet