Crafter Studio CVE-2026-1770
Lifecycle Timeline
3DescriptionCVE.org
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).
AnalysisAI
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Technical ContextAI
Classified as CWE-913 (Improper Control of Dynamically-Managed Code Resources). Affects Crafter Studio of Crafter CMS. Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).
Affected ProductsAI
Product: Crafter Studio of Crafter CMS.
RemediationAI
Monitor vendor advisories for a patch.
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-gj28-gw7w-3pxc