Browse all 7 CVE security advisories affecting f. AI-powered Chinese analysis, POCs, and references for each vulnerability.
F serves as a widely-used content management system powering websites and digital experiences. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with seven CVEs documented. The platform's extensive plugin ecosystem often introduces additional attack surfaces. Notable security characteristics include its open-source nature, which enables rapid vulnerability discovery but also exposes it to potential exploitation. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities underscores the importance of regular updates and proper hardening for production deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22665 | prompts.chat Identity Confusion via Case-Sensitive Username Handling — prompts.chatCWE-178 | 8.1 | High | 2026-04-03 |
| CVE-2026-22664 | prompts.chat SSRF via Fal.ai Media Status Polling — prompts.chatCWE-918 | 7.7 | High | 2026-04-03 |
| CVE-2026-22663 | prompts.chat Authorization Bypass Information Disclosure — prompts.chatCWE-862 | 7.5 | High | 2026-04-03 |
| CVE-2026-22662 | prompts.chat Blind SSRF via media-generate — prompts.chatCWE-918 | 4.3 | Medium | 2026-04-03 |
| CVE-2026-22661 | prompts.chat Path Traversal via Skill File Handling — prompts.chatCWE-22 | 8.1 | High | 2026-04-03 |
| CVE-2026-28412 | Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service) — textreamCWE-400 | 6.5 | Medium | 2026-03-02 |
| CVE-2026-28403 | Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability — textreamCWE-346 | 7.6 | High | 2026-03-02 |
This page lists every published CVE security advisory associated with f. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.