CISA KEV: Craft CMS Craft CMS — Craft CMS Code Injection Vulnerability

Friday, March 20, 2026 at 12:00 AM UTC·Source: CISA KEV

Updated: Thursday, April 2, 2026 at 05:46 PM UTC

Executive Summary

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code.

Analysis

Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. Added to CISA Known Exploited Vulnerabilities catalog on 2026-03-20. Remediation due: 2026-04-03.

Indicators of Compromise (1)

CVE (1)

CVE-2025-32432

NVD MITRE CVE

Source Attribution

Originally published by CISA KEV on Mar 20, 2026. Verified by: CISA.

Related Threats

MEDIUMVulnerabilityNEW

Trump asks Fed to explore giving fintechs access to payment rails

President Donald Trump has signed an executive order asking the Federal Reserve to explore options for expanding access to payment rails.

Just nowFinextra

MEDIUMVulnerabilityNEW

CVE-2026-34472: Pre-auth credential exposure and auth bypass in ZTE H188A V6 routers

[object Object]

CVE-2026-34472

22m agor/netsec

MEDIUMVulnerabilityNEW

Pennies strenthens leadership bench

Pennies, the leading charity enabling micro-donations at checkout, today announces a series of senior leadership appointments as it scales its team to support the rapid growth of micro-donations.

27m agoFinextra