๐Ÿ” CVE Alert

CVE-2026-11779

UNKNOWN 0.0

PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

CWE CWE-307
Vendor payloadcms
Product payloadcms
Published Jun 26, 2026
Last Updated Jun 26, 2026
Stay Ahead of the Next One

Get instant alerts for payloadcms payloadcms

Be the first to know when new unknown vulnerabilities affecting payloadcms payloadcms are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

PayloadCMS / PayloadCMS
3.84.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
fluidattacks.com: https://fluidattacks.com/es/advisories/stitches github.com: https://github.com/payloadcms/payload

Credits

Oscar Naveda