CVE-2026-29179

Summary

October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

Severity

low

EPSS

0.1% (p4)

Also known as

GHSA-jvwg-phxx-j3rp

Published

2026-04-21

References

• https://github.com/octobercms/october/security/advisories/GHSA-jvwg-phxx-j3rp
• https://nvd.nist.gov/vuln/detail/CVE-2026-29179
• https://github.com/octobercms/october

Related advisories

• CVE-2021-32648 — high · Packagist/october/system
• CVE-2026-26067 — medium · Packagist/october/system
• CVE-2026-24907 — medium · Packagist/october/system
• CVE-2026-24906 — medium · Packagist/october/system
• CVE-2025-61676 — medium · Packagist/october/system
• CVE-2025-61674 — medium · Packagist/october/system

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity