CVE-2026-32266

LOW
2026-03-16 https://github.com/craftcms/google-cloud GHSA-67cr-jmh8-4jpq

Lifecycle Timeline

3
Analysis Generated
Mar 16, 2026 - 18:32 vuln.today
Patch Released
Mar 16, 2026 - 18:32 nvd
Patch available
CVE Published
Mar 16, 2026 - 18:14 nvd
LOW

Tags

CSRF Information Disclosure

Description

Unauthenticated users can view a list of buckets the plugin has access to. The `DefaultController->actionLoadBucketData()` endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Users should update to version 2.2.1 of the plugin to mitigate the issue.

Analysis

Unauthenticated users can view a list of buckets the plugin has access to.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

During next maintenance window: Apply vendor patches when convenient. Verify information disclosure controls are in place.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2026-32266 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy