CVE-2026-47266

HIGH SEVERITY

Vulnerability Description

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26.

Vulnerability Details

Published Date

May 29, 2026

Last Modified

May 29, 2026

CWE ID

CWE-639

Source

NVD

Vendor

verbb

Product

formie

External References

https://github.com/verbb/formie/releases/tag/2.2.21
https://github.com/verbb/formie/releases/tag/3.1.26
https://github.com/verbb/formie/security/advisories/GHSA-pgxq-p76c-x9cg

CVE-2026-47266

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment