Vendor
high
advisory
Formie Unauthenticated Submission Editing Vulnerability (CVE-2026-47266)
1 rule 1 CVE 1 IOCAn unauthenticated user can modify existing Formie submissions by posting a known or guessed submission ID to `formie/submissions/save-submission`, affecting versions prior to 2.2.21 and versions 3.0.0 to 3.1.26.
Formie +1
unauthenticated-access
data-manipulation
cve
cloud
1r
1c
1i
critical
advisory
Formie Plugin Server-Side Template Injection via Hidden Fields (CVE-2026-45697)
2 rules 1 TTPA pre-authenticated server-side template injection vulnerability (CVE-2026-45697) exists in the Hidden fields of the Formie Craft plugin, allowing unauthenticated users to submit crafted values that are evaluated as Twig during submission handling, potentially leading to site compromise.
Formie
server-side template injection
code-execution
craftcms
2r
1t