Skip to content

Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Moderate severity GitHub Reviewed Published Feb 9, 2026 in craftcms/cms • Updated Feb 9, 2026

No open alerts for this advisory

Give feedback on Dependabot alerts