Strapi Relationship Filter SQL Injection Bypassing Auth

github.com 2026-05-22查看中文 →

Security AdvisoryHighStrapi

Affected:

Strapi <= 5.36.1

Fixed in:

Strapi >= 5.37.0

Referenced CVEs: CVE-2026-27886

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

Hermes Agent Feishu Webhook Pre-Auth Rate-Limit Bypass DoS 2026-06-01 Hermes-Agent .env Parser Semantic Injection via Substring Splitting (RCE/Credential Theft) 2026-06-01 Unauthenticated Arbitrary User Creation (Privilege Escalation) in add_user_check.php - Broken Access Control 2026-06-01 hermes-agent Persistent Prompt Injection Bypass via Regex Evasion 2026-06-01 SQL Injection Auth Bypass in login_check.php (Admin Session Acquisition) 2026-06-01

Offline Archive

Offline screenshot & PDF are Pro-exclusive