CVE-2026-47266

N/A Unknown

Published: May 29, 2026 Modified: May 29, 2026

Description

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/verbb/formie/releases/tag/2.2.21

Source: security-advisories@github.com

https://github.com/verbb/formie/releases/tag/3.1.26

Source: security-advisories@github.com

https://github.com/verbb/formie/security/advisories/GHSA-pgxq-p76c-x9cg

Source: security-advisories@github.com

3 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.3%

23th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-639

Related CVEs

CVE-2026-9677 N/A

CVE-2026-13245 6.1

CVE-2026-12404 5.3

CVE-2026-10820 N/A

CVE-2026-12415 9.8