CVE-2026-22692 - Vulnerability Analysis
Severity: Medium
CVSS: 4.9
Last Updated: April 14, 2026
October CMS - Sandbox Bypass
Published: April 14, 2026
Updated: April 14, 2026
PoC Available
Remote Exploitable
Overview
October CMS versions before 3.7.13, and 4.0.0 through 4.1.4, contain a sandbox bypass caused by improper restriction of the methods reachable through the collect() helper in Twig safe mode. An authenticated user with template editing permissions can use it to bypass the safe-mode sandbox protections. Exploitation requires CMS_SAFE_MODE to be enabled and authenticated backend access with template editing permissions.
Severity & Score
Severity: Medium
CVSS Score: 4.9
Impact
Authenticated users with template editing permissions can bypass the safe-mode sandbox protections, potentially leading to code execution or privilege escalation on the CMS host.
Mitigation
Upgrade to version 3.7.13 or 4.1.5 or later. Alternatively, disable CMS_SAFE_MODE and restrict template editing permissions to trusted administrators.
Details
- CVE ID: CVE-2026-22692
- Severity: Medium
- CVSS Score: 4.9
- Type: sandbox_bypass
- Status: new
CWE
- CWE-284 (Improper Access Control)
CVSS Metrics
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N