CVE Catalog
CVE-2026-11779
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.24%
14th percentile — higher than 14% of all known CVEs
Summary
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.
Risk Assessment
The risk involves bypassing account lockout mechanisms, potentially leading to unauthorized system access and data confidentiality breaches.
Recommendation
It is recommended to immediately update PayloadCMS to the latest version that includes a fix for this vulnerability. Also review and strengthen access control policies for administrative operations.
Original NVD description (English source)
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

