CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-31858

Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset() protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability (including criteria[orderBy], the original advisory vector) works on this controller because the fix was never applied to it. Any authenticated control panel user (no admin required) can inject arbitrary SQL via criteria[where], criteria[orderBy], or other query properties, and extract the full database contents via boolean-based blind injection. Users should update to the patched 5.9.9 release to mitigate the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.4%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2026-31858

Craftcms » Craft Cms » Version: 5.0.0

cpe:2.3:a:craftcms:craft_cms:5.0.0
Craftcms » Craft Cms » Version: 5.0.1

cpe:2.3:a:craftcms:craft_cms:5.0.1
Craftcms » Craft Cms » Version: 5.0.2

cpe:2.3:a:craftcms:craft_cms:5.0.2
Craftcms » Craft Cms » Version: 5.0.3

cpe:2.3:a:craftcms:craft_cms:5.0.3
Craftcms » Craft Cms » Version: 5.0.4

cpe:2.3:a:craftcms:craft_cms:5.0.4
Craftcms » Craft Cms » Version: 5.0.5

cpe:2.3:a:craftcms:craft_cms:5.0.5
Craftcms » Craft Cms » Version: 5.0.6

cpe:2.3:a:craftcms:craft_cms:5.0.6
Craftcms » Craft Cms » Version: 5.1.0

cpe:2.3:a:craftcms:craft_cms:5.1.0
Craftcms » Craft Cms » Version: 5.1.1

cpe:2.3:a:craftcms:craft_cms:5.1.1
Craftcms » Craft Cms » Version: 5.1.10

cpe:2.3:a:craftcms:craft_cms:5.1.10
Craftcms » Craft Cms » Version: 5.1.2

cpe:2.3:a:craftcms:craft_cms:5.1.2
Craftcms » Craft Cms » Version: 5.1.3

cpe:2.3:a:craftcms:craft_cms:5.1.3
Craftcms » Craft Cms » Version: 5.1.4

cpe:2.3:a:craftcms:craft_cms:5.1.4
Craftcms » Craft Cms » Version: 5.1.5

cpe:2.3:a:craftcms:craft_cms:5.1.5
Craftcms » Craft Cms » Version: 5.1.6

cpe:2.3:a:craftcms:craft_cms:5.1.6
Craftcms » Craft Cms » Version: 5.1.7

cpe:2.3:a:craftcms:craft_cms:5.1.7
Craftcms » Craft Cms » Version: 5.1.8

cpe:2.3:a:craftcms:craft_cms:5.1.8
Craftcms » Craft Cms » Version: 5.1.9

cpe:2.3:a:craftcms:craft_cms:5.1.9
Craftcms » Craft Cms » Version: 5.2.0

cpe:2.3:a:craftcms:craft_cms:5.2.0
Craftcms » Craft Cms » Version: 5.2.1

cpe:2.3:a:craftcms:craft_cms:5.2.1
Craftcms » Craft Cms » Version: 5.2.10

cpe:2.3:a:craftcms:craft_cms:5.2.10
Craftcms » Craft Cms » Version: 5.2.2

cpe:2.3:a:craftcms:craft_cms:5.2.2
Craftcms » Craft Cms » Version: 5.2.3

cpe:2.3:a:craftcms:craft_cms:5.2.3
Craftcms » Craft Cms » Version: 5.2.4

cpe:2.3:a:craftcms:craft_cms:5.2.4
Craftcms » Craft Cms » Version: 5.2.4.1

cpe:2.3:a:craftcms:craft_cms:5.2.4.1
Craftcms » Craft Cms » Version: 5.2.5

cpe:2.3:a:craftcms:craft_cms:5.2.5
Craftcms » Craft Cms » Version: 5.2.6

cpe:2.3:a:craftcms:craft_cms:5.2.6
Craftcms » Craft Cms » Version: 5.2.7

cpe:2.3:a:craftcms:craft_cms:5.2.7
Craftcms » Craft Cms » Version: 5.2.8

cpe:2.3:a:craftcms:craft_cms:5.2.8
Craftcms » Craft Cms » Version: 5.2.9

cpe:2.3:a:craftcms:craft_cms:5.2.9
Craftcms » Craft Cms » Version: 5.3.0

cpe:2.3:a:craftcms:craft_cms:5.3.0
Craftcms » Craft Cms » Version: 5.3.0.1

cpe:2.3:a:craftcms:craft_cms:5.3.0.1
Craftcms » Craft Cms » Version: 5.3.0.2

cpe:2.3:a:craftcms:craft_cms:5.3.0.2
Craftcms » Craft Cms » Version: 5.3.0.3

cpe:2.3:a:craftcms:craft_cms:5.3.0.3
Craftcms » Craft Cms » Version: 5.3.1

cpe:2.3:a:craftcms:craft_cms:5.3.1
Craftcms » Craft Cms » Version: 5.3.2

cpe:2.3:a:craftcms:craft_cms:5.3.2
Craftcms » Craft Cms » Version: 5.3.3

cpe:2.3:a:craftcms:craft_cms:5.3.3
Craftcms » Craft Cms » Version: 5.3.4

cpe:2.3:a:craftcms:craft_cms:5.3.4
Craftcms » Craft Cms » Version: 5.3.5

cpe:2.3:a:craftcms:craft_cms:5.3.5
Craftcms » Craft Cms » Version: 5.3.6

cpe:2.3:a:craftcms:craft_cms:5.3.6
Craftcms » Craft Cms » Version: 5.4.0

cpe:2.3:a:craftcms:craft_cms:5.4.0
Craftcms » Craft Cms » Version: 5.4.0.1

cpe:2.3:a:craftcms:craft_cms:5.4.0.1
Craftcms » Craft Cms » Version: 5.4.1

cpe:2.3:a:craftcms:craft_cms:5.4.1
Craftcms » Craft Cms » Version: 5.4.10

cpe:2.3:a:craftcms:craft_cms:5.4.10
Craftcms » Craft Cms » Version: 5.4.10.1

cpe:2.3:a:craftcms:craft_cms:5.4.10.1
Craftcms » Craft Cms » Version: 5.4.2

cpe:2.3:a:craftcms:craft_cms:5.4.2
Craftcms » Craft Cms » Version: 5.4.3

cpe:2.3:a:craftcms:craft_cms:5.4.3
Craftcms » Craft Cms » Version: 5.4.4

cpe:2.3:a:craftcms:craft_cms:5.4.4
Craftcms » Craft Cms » Version: 5.4.5

cpe:2.3:a:craftcms:craft_cms:5.4.5
Craftcms » Craft Cms » Version: 5.4.5.1

cpe:2.3:a:craftcms:craft_cms:5.4.5.1
Craftcms » Craft Cms » Version: 5.4.6

cpe:2.3:a:craftcms:craft_cms:5.4.6
Craftcms » Craft Cms » Version: 5.4.7

cpe:2.3:a:craftcms:craft_cms:5.4.7
Craftcms » Craft Cms » Version: 5.4.7.1

cpe:2.3:a:craftcms:craft_cms:5.4.7.1
Craftcms » Craft Cms » Version: 5.4.8

cpe:2.3:a:craftcms:craft_cms:5.4.8
Craftcms » Craft Cms » Version: 5.4.9

cpe:2.3:a:craftcms:craft_cms:5.4.9
Craftcms » Craft Cms » Version: 5.5.0

cpe:2.3:a:craftcms:craft_cms:5.5.0
Craftcms » Craft Cms » Version: 5.5.0.1

cpe:2.3:a:craftcms:craft_cms:5.5.0.1
Craftcms » Craft Cms » Version: 5.5.1

cpe:2.3:a:craftcms:craft_cms:5.5.1
Craftcms » Craft Cms » Version: 5.5.1.1

cpe:2.3:a:craftcms:craft_cms:5.5.1.1
Craftcms » Craft Cms » Version: 5.5.10

cpe:2.3:a:craftcms:craft_cms:5.5.10
Craftcms » Craft Cms » Version: 5.5.2

cpe:2.3:a:craftcms:craft_cms:5.5.2
Craftcms » Craft Cms » Version: 5.5.3

cpe:2.3:a:craftcms:craft_cms:5.5.3
Craftcms » Craft Cms » Version: 5.5.4

cpe:2.3:a:craftcms:craft_cms:5.5.4
Craftcms » Craft Cms » Version: 5.5.5

cpe:2.3:a:craftcms:craft_cms:5.5.5
Craftcms » Craft Cms » Version: 5.5.6

cpe:2.3:a:craftcms:craft_cms:5.5.6
Craftcms » Craft Cms » Version: 5.5.6.1

cpe:2.3:a:craftcms:craft_cms:5.5.6.1
Craftcms » Craft Cms » Version: 5.5.7

cpe:2.3:a:craftcms:craft_cms:5.5.7
Craftcms » Craft Cms » Version: 5.5.8

cpe:2.3:a:craftcms:craft_cms:5.5.8
Craftcms » Craft Cms » Version: 5.5.9

cpe:2.3:a:craftcms:craft_cms:5.5.9
Craftcms » Craft Cms » Version: 5.6.0

cpe:2.3:a:craftcms:craft_cms:5.6.0
Craftcms » Craft Cms » Version: 5.6.0.1

cpe:2.3:a:craftcms:craft_cms:5.6.0.1
Craftcms » Craft Cms » Version: 5.6.0.2

cpe:2.3:a:craftcms:craft_cms:5.6.0.2
Craftcms » Craft Cms » Version: 5.6.1

cpe:2.3:a:craftcms:craft_cms:5.6.1
Craftcms » Craft Cms » Version: 5.6.10

cpe:2.3:a:craftcms:craft_cms:5.6.10
Craftcms » Craft Cms » Version: 5.6.10.1

cpe:2.3:a:craftcms:craft_cms:5.6.10.1
Craftcms » Craft Cms » Version: 5.6.10.2

cpe:2.3:a:craftcms:craft_cms:5.6.10.2
Craftcms » Craft Cms » Version: 5.6.11

cpe:2.3:a:craftcms:craft_cms:5.6.11
Craftcms » Craft Cms » Version: 5.6.12

cpe:2.3:a:craftcms:craft_cms:5.6.12
Craftcms » Craft Cms » Version: 5.6.13

cpe:2.3:a:craftcms:craft_cms:5.6.13
Craftcms » Craft Cms » Version: 5.6.14

cpe:2.3:a:craftcms:craft_cms:5.6.14
Craftcms » Craft Cms » Version: 5.6.15

cpe:2.3:a:craftcms:craft_cms:5.6.15
Craftcms » Craft Cms » Version: 5.6.16

cpe:2.3:a:craftcms:craft_cms:5.6.16
Craftcms » Craft Cms » Version: 5.6.17

cpe:2.3:a:craftcms:craft_cms:5.6.17
Craftcms » Craft Cms » Version: 5.6.2

cpe:2.3:a:craftcms:craft_cms:5.6.2
Craftcms » Craft Cms » Version: 5.6.3

cpe:2.3:a:craftcms:craft_cms:5.6.3
Craftcms » Craft Cms » Version: 5.6.4

cpe:2.3:a:craftcms:craft_cms:5.6.4
Craftcms » Craft Cms » Version: 5.6.5

cpe:2.3:a:craftcms:craft_cms:5.6.5
Craftcms » Craft Cms » Version: 5.6.5.1

cpe:2.3:a:craftcms:craft_cms:5.6.5.1
Craftcms » Craft Cms » Version: 5.6.6

cpe:2.3:a:craftcms:craft_cms:5.6.6
Craftcms » Craft Cms » Version: 5.6.7

cpe:2.3:a:craftcms:craft_cms:5.6.7
Craftcms » Craft Cms » Version: 5.6.8

cpe:2.3:a:craftcms:craft_cms:5.6.8
Craftcms » Craft Cms » Version: 5.6.9

cpe:2.3:a:craftcms:craft_cms:5.6.9
Craftcms » Craft Cms » Version: 5.6.9.1

cpe:2.3:a:craftcms:craft_cms:5.6.9.1
Craftcms » Craft Cms » Version: 5.7.0

cpe:2.3:a:craftcms:craft_cms:5.7.0
Craftcms » Craft Cms » Version: 5.7.1

cpe:2.3:a:craftcms:craft_cms:5.7.1
Craftcms » Craft Cms » Version: 5.7.1.1

cpe:2.3:a:craftcms:craft_cms:5.7.1.1
Craftcms » Craft Cms » Version: 5.7.10

cpe:2.3:a:craftcms:craft_cms:5.7.10
Craftcms » Craft Cms » Version: 5.7.11

cpe:2.3:a:craftcms:craft_cms:5.7.11
Craftcms » Craft Cms » Version: 5.7.2

cpe:2.3:a:craftcms:craft_cms:5.7.2
Craftcms » Craft Cms » Version: 5.7.3

cpe:2.3:a:craftcms:craft_cms:5.7.3
Craftcms » Craft Cms » Version: 5.7.4

cpe:2.3:a:craftcms:craft_cms:5.7.4
Craftcms » Craft Cms » Version: 5.7.5

cpe:2.3:a:craftcms:craft_cms:5.7.5
Craftcms » Craft Cms » Version: 5.7.6

cpe:2.3:a:craftcms:craft_cms:5.7.6
Craftcms » Craft Cms » Version: 5.7.7

cpe:2.3:a:craftcms:craft_cms:5.7.7
Craftcms » Craft Cms » Version: 5.7.8

cpe:2.3:a:craftcms:craft_cms:5.7.8
Craftcms » Craft Cms » Version: 5.7.8.1

cpe:2.3:a:craftcms:craft_cms:5.7.8.1
Craftcms » Craft Cms » Version: 5.7.8.2

cpe:2.3:a:craftcms:craft_cms:5.7.8.2
Craftcms » Craft Cms » Version: 5.7.9

cpe:2.3:a:craftcms:craft_cms:5.7.9
Craftcms » Craft Cms » Version: 5.8.0

cpe:2.3:a:craftcms:craft_cms:5.8.0
Craftcms » Craft Cms » Version: 5.8.1

cpe:2.3:a:craftcms:craft_cms:5.8.1
Craftcms » Craft Cms » Version: 5.8.10

cpe:2.3:a:craftcms:craft_cms:5.8.10
Craftcms » Craft Cms » Version: 5.8.11

cpe:2.3:a:craftcms:craft_cms:5.8.11
Craftcms » Craft Cms » Version: 5.8.12

cpe:2.3:a:craftcms:craft_cms:5.8.12
Craftcms » Craft Cms » Version: 5.8.13

cpe:2.3:a:craftcms:craft_cms:5.8.13
Craftcms » Craft Cms » Version: 5.8.13.1

cpe:2.3:a:craftcms:craft_cms:5.8.13.1
Craftcms » Craft Cms » Version: 5.8.13.2

cpe:2.3:a:craftcms:craft_cms:5.8.13.2
Craftcms » Craft Cms » Version: 5.8.14

cpe:2.3:a:craftcms:craft_cms:5.8.14
Craftcms » Craft Cms » Version: 5.8.15

cpe:2.3:a:craftcms:craft_cms:5.8.15
Craftcms » Craft Cms » Version: 5.8.16

cpe:2.3:a:craftcms:craft_cms:5.8.16
Craftcms » Craft Cms » Version: 5.8.17

cpe:2.3:a:craftcms:craft_cms:5.8.17
Craftcms » Craft Cms » Version: 5.8.18

cpe:2.3:a:craftcms:craft_cms:5.8.18
Craftcms » Craft Cms » Version: 5.8.19

cpe:2.3:a:craftcms:craft_cms:5.8.19
Craftcms » Craft Cms » Version: 5.8.2

cpe:2.3:a:craftcms:craft_cms:5.8.2
Craftcms » Craft Cms » Version: 5.8.20

cpe:2.3:a:craftcms:craft_cms:5.8.20
Craftcms » Craft Cms » Version: 5.8.21

cpe:2.3:a:craftcms:craft_cms:5.8.21
Craftcms » Craft Cms » Version: 5.8.22

cpe:2.3:a:craftcms:craft_cms:5.8.22
Craftcms » Craft Cms » Version: 5.8.23

cpe:2.3:a:craftcms:craft_cms:5.8.23
Craftcms » Craft Cms » Version: 5.8.3

cpe:2.3:a:craftcms:craft_cms:5.8.3
Craftcms » Craft Cms » Version: 5.8.4

cpe:2.3:a:craftcms:craft_cms:5.8.4
Craftcms » Craft Cms » Version: 5.8.5

cpe:2.3:a:craftcms:craft_cms:5.8.5
Craftcms » Craft Cms » Version: 5.8.6

cpe:2.3:a:craftcms:craft_cms:5.8.6
Craftcms » Craft Cms » Version: 5.8.7

cpe:2.3:a:craftcms:craft_cms:5.8.7
Craftcms » Craft Cms » Version: 5.8.8

cpe:2.3:a:craftcms:craft_cms:5.8.8
Craftcms » Craft Cms » Version: 5.8.9

cpe:2.3:a:craftcms:craft_cms:5.8.9
Craftcms » Craft Cms » Version: 5.9.0

cpe:2.3:a:craftcms:craft_cms:5.9.0
Craftcms » Craft Cms » Version: 5.9.1

cpe:2.3:a:craftcms:craft_cms:5.9.1
Craftcms » Craft Cms » Version: 5.9.2

cpe:2.3:a:craftcms:craft_cms:5.9.2
Craftcms » Craft Cms » Version: 5.9.3

cpe:2.3:a:craftcms:craft_cms:5.9.3
Craftcms » Craft Cms » Version: 5.9.4

cpe:2.3:a:craftcms:craft_cms:5.9.4
Craftcms » Craft Cms » Version: 5.9.5

cpe:2.3:a:craftcms:craft_cms:5.9.5
Craftcms » Craft Cms » Version: 5.9.6

cpe:2.3:a:craftcms:craft_cms:5.9.6
Craftcms » Craft Cms » Version: 5.9.7

cpe:2.3:a:craftcms:craft_cms:5.9.7
Craftcms » Craft Cms » Version: 5.9.8

cpe:2.3:a:craftcms:craft_cms:5.9.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-31858

Products

Pricing

Contact Us