CVE-2026-14793
Last modified
CVE-2026-14793 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to version 4.18.1 is able to address this issue. The patch is identified as 9bd05c91e6a7e6da5e949ec41a31c220c059aa04. The affected component should be upgraded.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| Craft | CMS | 4.18.0.0; 4.18.0.1 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14793?
How severe is CVE-2026-14793?
How do I fix CVE-2026-14793?
Related CVEs from 2026
- CVE-2026-14788A security vulnerability has been detected in radareorg rada…7.8
- CVE-2026-14789A vulnerability was detected in radareorg radare2 up to 6.1.…7.8
- CVE-2026-1479An out-of-band SQL injection vulnerability (OOB SQLi) has be…7.5
- CVE-2026-14790A flaw has been found in GPAC 26.02.0. This affects the func…3.3
- CVE-2026-14791A weakness has been identified in crater-invoice-inc crater …3.5
- CVE-2026-14792A security vulnerability has been detected in Formbricks 5.0…6.9
- CVE-2026-14794A flaw has been found in Craft CMS up to 4.18.0.1. Affected …5.3
- CVE-2026-14795A vulnerability has been found in CodeAstro Apartment Visito…6.3
- CVE-2026-14796A vulnerability was found in CodeAstro Apartment Visitor Man…6.3
- CVE-2026-14797A vulnerability was determined in CodeAstro Apartment Visito…6.3
- CVE-2026-14798A vulnerability was identified in CodeAstro Apartment Visito…6.3
- CVE-2026-14799A security flaw has been discovered in CodeAstro Ecommerce W…6.3
Are you affected by CVE-2026-14793?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
