{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/formie--2.2.21/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"id":"CVE-2026-47266"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Formie (\u003c 2.2.21)","Formie (\u003e= 3.0.0, \u003c 3.1.26)"],"_cs_severities":["high"],"_cs_tags":["unauthenticated-access","data-manipulation","cve","cloud"],"_cs_type":"advisory","_cs_vendors":["Verbb"],"content_html":"\u003cp\u003eA vulnerability exists in the Formie plugin that allows unauthenticated users to modify existing form submissions. By sending a crafted POST request to the \u003ccode\u003eformie/submissions/save-submission\u003c/code\u003e endpoint with a known or guessed submission ID, an attacker can overwrite existing submission data. This issue affects Formie versions prior to 2.2.21 and versions 3.0.0 through 3.1.26. Successful exploitation of this vulnerability could lead to data manipulation, unauthorized access to sensitive information, or other malicious activities. This vulnerability is identified as CVE-2026-47266.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a target Formie installation.\u003c/li\u003e\n\u003cli\u003eThe attacker enumerates or guesses existing submission IDs.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious POST request to \u003ccode\u003eformie/submissions/save-submission\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe POST request includes the targeted submission ID.\u003c/li\u003e\n\u003cli\u003eThe POST request contains modified form field data intended to overwrite the original submission.\u003c/li\u003e\n\u003cli\u003eThe Formie plugin processes the request without proper authentication checks.\u003c/li\u003e\n\u003cli\u003eThe targeted submission is updated with the attacker\u0026rsquo;s modified data.\u003c/li\u003e\n\u003cli\u003eThe attacker verifies the submission has been successfully overwritten.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-47266 allows unauthenticated users to modify existing Formie submissions. This could lead to data corruption, exposure of sensitive information contained within the forms, or manipulation of business processes that rely on the integrity of the submitted data. The number of affected installations is currently unknown, but any Formie instance running a vulnerable version is susceptible to this attack.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Formie to version 2.2.21 or 3.1.26 or later to patch CVE-2026-47266, as per the vendor\u0026rsquo;s advisory.\u003c/li\u003e\n\u003cli\u003eAs a workaround, block unauthenticated access to the \u003ccode\u003eactions/formie/submissions/save-submission\u003c/code\u003e endpoint, as described in the vendor\u0026rsquo;s advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect attempts to exploit this vulnerability by monitoring POST requests to the \u003ccode\u003eformie/submissions/save-submission\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T22:21:48Z","date_published":"2026-05-29T22:21:48Z","id":"https://feed.craftedsignal.io/briefs/2026-05-formie-submission-overwrite/","summary":"An unauthenticated user can modify existing Formie submissions by posting a known or guessed submission ID to `formie/submissions/save-submission`, affecting versions prior to 2.2.21 and versions 3.0.0 to 3.1.26.","title":"Formie Unauthenticated Submission Editing Vulnerability (CVE-2026-47266)","url":"https://feed.craftedsignal.io/briefs/2026-05-formie-submission-overwrite/"}],"language":"en","title":"CraftedSignal Threat Feed — Formie (\u003c 2.2.21)","version":"https://jsonfeed.org/version/1.1"}