Incorrect Authorization Affecting silverstripe/framework package, versions >=3.0.0, <3.0.14>=3.1.0, <3.1.13
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-SILVERSTRIPEFRAMEWORK-17400362
- published22 Jun 2026
- disclosed19 Jun 2026
- creditPatrick Nelson
Introduced: 19 Jun 2026
New CVE NOT AVAILABLE CWE-303 (opens in a new tab)How to fix?
Upgrade silverstripe/framework to version 3.0.14, 3.1.13 or higher.
Overview
silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS.
Affected versions of this package are vulnerable to Incorrect Authorization via validation of secure token parameters. An attacker can bypass authentication checks protecting privileged query parameters such as isDev and flush by supplying an empty token parameter. This allows unauthorized activation of developer mode or triggering of cache flush operations, potentially resulting in information disclosure or denial of service through excessive resource consumption.