Severity:
HIGH RISK
(7.5)
Authorization Bypass via GraphQL @parseRefs Directive (CWE-639) in Craft CMS
CVE-2026-28696
Published:
Mar 4, 2026
Status:
Analyzed
Summary
Affected Context
Exploit Preconditions
Why This Happens
Potential Impact
General Mitigation Guidance
How Teams Detect Issues Like This
Frequently Asked Questions
Source
NDV
