Browse all 8 CVE security advisories affecting apostrophecms. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ApostropheCMS is a headless CMS focused on content management for modern web applications. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 8 CVEs documented. The platform's modular architecture introduces potential attack surfaces through its rich text editor and custom field types. Notable security characteristics include its PHP-based backend and JavaScript frontend, which may expose it to web application threats. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights the importance of regular updates and input validation in preventing exploitation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32731 | ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction — import-export (CWE-22) | 10.0 | Critical | 2026-03-18 |

This page lists every published CVE security advisory associated with ApostropheCMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.