NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-31317

Summary	Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file
Publication Date	April 17, 2026, 11:16 p.m.
Registration Date	April 18, 2026, 4:10 a.m.
Last Update	April 18, 2026, 12:30 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/markhuot/craftql	cve@mitre.org
2	https://github.com/stormmmg/craftql_ssrf/	cve@mitre.org
3	https://github.com/stormmmg/craftql_ssrf/blob/master/craftql-ssrf-en/README_detail.md	cve@mitre.org

Common Vulnerabilities List