CVE-2026-47266

UNKNOWN 0.0

Formie: Unauthenticated front-end submission editing can overwrite existing submissions

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26.

CWE	CWE-639
Vendor	verbb
Product	formie
Published	May 29, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for verbb formie

Be the first to know when new unknown vulnerabilities affecting verbb formie are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

verbb / formie

< 2.2.21 >= 3.0.0-beta.1, < 3.1.26

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/verbb/formie/security/advisories/GHSA-pgxq-p76c-x9cg github.com: https://github.com/verbb/formie/releases/tag/2.2.21 github.com: https://github.com/verbb/formie/releases/tag/3.1.26