Product
A high-severity vulnerability (CVE-2026-50282) in Craft CMS allows an authenticated user to delete destination folders and their contents without explicit delete permissions during a forced folder move operation, enabling asset loss, breaking existing asset references, and causing operational disruption.