
Formwork

2 CVEs product


CVE-2026-27198 PHP HIGH PATCH This Week

Formwork CMS versions 2.0.0 through 2.3.3 fail to validate user privileges during account creation, allowing authenticated editors to create admin accounts and gain full CMS control. An attacker with editor-level access can exploit this authorization bypass to escalate privileges without restriction, completely compromising the application. A patch is available in version 2.3.4.

Privilege Escalation Formwork
NVD GitHub
CVSS 3.1: 8.8
EPSS: 0.0%
CVE-2025-65956 PHP MEDIUM POC PATCH This Month

Formwork is a flat file-based Content Management System (CMS). This vulnerability is rated medium severity (CVSS 6.5), is remotely exploitable, and has low attack complexity. Public exploit code is available.

XSS Formwork
NVD GitHub
CVSS 3.1: 6.5
EPSS: 0.0%