CVE-2026-34746 - Vulnerability Details - OpenCVE

Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Payloadcms	Payload

No data.

No data.

References

Link	Providers
https://github.com/payloadcms/payload/releases/tag/v3.79.1
https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Payloadcms Payloadcms payload
Vendors & Products		Payloadcms Payloadcms payload
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1.
Title		Payload has Authenticated SSRF via Upload Functionality
Weaknesses		CWE-918
References		https://github.com/payloadcms/payload/releases/tag/v3.79.1 https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-04-01T19:43:16.700Z

Updated: 2026-04-02T15:12:09.290Z

Reserved: 2026-03-30T19:17:10.224Z

Link: CVE-2026-34746

Vulnrichment

Updated: 2026-04-02T15:12:03.551Z

NVD

Status : Undergoing Analysis

Published: 2026-04-01T20:16:26.727

Modified: 2026-04-03T16:10:52.680

Link: CVE-2026-34746

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34746", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T19:17:10.224Z", "datePublished": "2026-04-01T19:43:16.700Z", "dateUpdated": "2026-04-02T15:12:09.290Z"}, "containers": {"cna": {"title": "Payload has Authenticated SSRF via Upload Functionality", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8"}, {"name": "https://github.com/payloadcms/payload/releases/tag/v3.79.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/payloadcms/payload/releases/tag/v3.79.1"}], "affected": [{"vendor": "payloadcms", "product": "payload", "versions": [{"version": "< 3.79.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T19:43:16.700Z"}, "descriptions": [{"lang": "en", "value": "Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1."}], "source": {"advisory": "GHSA-6r7f-q7f5-wpx8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:10:39.687505Z", "id": "CVE-2026-34746", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:12:09.290Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:10:39.687505Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:12:03.551Z"}}], "cna": {"title": "Payload has Authenticated SSRF via Upload Functionality", "source": {"advisory": "GHSA-6r7f-q7f5-wpx8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "payloadcms", "product": "payload", "versions": [{"status": "affected", "version": "< 3.79.1"}]}], "references": [{"url": "https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8", "name": "https://github.com/payloadcms/payload/security/advisories/GHSA-6r7f-q7f5-wpx8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/payloadcms/payload/releases/tag/v3.79.1", "name": "https://github.com/payloadcms/payload/releases/tag/v3.79.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. This issue has been patched in version 3.79.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T19:43:16.700Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34746", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:12:09.290Z", "dateReserved": "2026-03-30T19:17:10.224Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-01T19:43:16.700Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}