CVE-2026-47266NVD

Vulnerability Summary

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26.

Severity Level

UNKNOWN

Published Date

May 29, 2026

Last Modified

May 29, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

N/A

EPSS Score (30-Day)

0.06%Probability

External References

https://github.com/verbb/formie/security/advisories/GHSA-pgxq-p76c-x9cg
https://github.com/verbb/formie/releases/tag/2.2.21
https://github.com/verbb/formie/releases/tag/3.1.26