Browse all 5 CVE security advisories affecting CrafterCMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CrafterCMS serves as a Java-based content management system for enterprises requiring flexible digital experiences. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with five CVEs currently documented. The platform's security posture has been impacted by issues in its templating engine and authentication mechanisms, though no major public breaches have been widely reported. Its Java architecture provides inherent security benefits but requires diligent patching against common web application risks. The system's extensibility through modules introduces potential attack surfaces that administrators must carefully monitor and secure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1770 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio — CrafterCMS (CWE-913) | 8.8 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-6384 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio — CrafterCMS (CWE-913) | 8.8 (AI) | High (AI) | 2025-06-19 |
| CVE-2025-0502 | Transmission of Private Resources into a New Sphere in Crafter Engine — CrafterCMS (CWE-402) | 9.1 | - | 2025-01-15 |
| CVE-2023-4136 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine — CrafterCMS (CWE-79) | 7.4 | High | 2023-08-03 |
| CVE-2023-26020 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Crafter Studio — CrafterCMS (CWE-89) | 5.7 | Medium | 2023-02-17 |
This page lists every published CVE security advisory associated with CrafterCMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.