Skip to main content

Crafter Studio CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources (CWE-913)
2026-02-02 security@craftersoftware.com GHSA-gj28-gw7w-3pxc

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:01 vuln.today
CVE Published
Feb 02, 2026 - 17:16 nvd
N/A

DescriptionCVE.org

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

AnalysisAI

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

Technical ContextAI

Classified as CWE-913 (Improper Control of Dynamically-Managed Code Resources). Affects Crafter Studio of Crafter CMS. Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code Execution).

Affected ProductsAI

Product: Crafter Studio of Crafter CMS.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-1770 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy