CVE Catalog

CVE-2026-11779

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

Risk Assessment

The risk involves bypassing account lockout mechanisms, potentially leading to unauthorized system access and data confidentiality breaches.

Recommendation

It is recommended to immediately update PayloadCMS to the latest version that includes a fix for this vulnerability. Also review and strengthen access control policies for administrative operations.

Original NVD description (English source)

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS