PT-2026-21760 · Pyload · Pyload

R3Dbrothers · Published 2026-02-24 · Updated 2026-02-25 · CVE-2026-27567

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Payload versions prior to 3.75.0
Description: Payload is a free and open source headless content management system. A Server-Side Request Forgery (SSRF) issue exists in the external file upload functionality. Insufficient validation of HTTP redirects when processing external URLs for file uploads could allow an authenticated attacker to access internal network resources. The Payload environment must have at least one collection with upload enabled and a user who has create access to that upload-enabled collection to be vulnerable. An authenticated user with upload collection write permissions could potentially access internal services and retrieve response content from them through the application.
Recommendations: Upgrade to version 3.75.0 or later. As workarounds, disable external file uploads via the disableExternalFile upload collection option, or restrict create access on upload-enabled collections to trusted users only.
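The weakness described above is that the fetcher validated only the URL the user supplied, not the addresses a redirect chain led to. The following is an added example, not Payload's own code, of the defender-side check an external-file fetcher needs: every hop, including each Location header, is re-validated against internal and reserved address ranges before it is requested. The `transport` function is a synchronous stand-in for an HTTP client run with manual redirect handling, the `files.example.test` hostnames and the response table are constructed for the example, and a hostname-level check like this one still has to be paired with a check on the address actually connected to.

```javascript
// Added example (not Payload's own code): an external-file fetcher that
// validates every hop of a redirect chain against internal/reserved address
// ranges, so a public URL that answers with a 302 to an internal service is
// refused instead of fetched.

const MAX_REDIRECTS = 5;

// Parse a dotted-quad IPv4 host into an unsigned 32-bit number, else null.
function parseIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const p = m.slice(1).map(Number);
  if (p.some((n) => n > 255)) return null;
  return ((p[0] << 24) >>> 0) + (p[1] << 16) + (p[2] << 8) + p[3];
}

// Ranges an upload fetcher must never contact: "this" network, RFC 1918,
// CGNAT, loopback, link-local (which includes the 169.254.169.254 cloud
// metadata address), multicast and reserved.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
].map(([ip, bits]) => [parseIPv4(ip), bits]);

function inBlockedRange(ipNum) {
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ipNum & mask) >>> 0) === net;
  });
}

// Policy check applied to the user-supplied URL and to every Location header.
// WHATWG URL parsing (Node's global URL) normalises decimal, octal and hex
// IPv4 spellings such as http://2130706433/ to 127.0.0.1, so the literal
// check below sees the canonical form.
function isAllowedTarget(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return false;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  const host = url.hostname;
  if (host === 'localhost' || host.endsWith('.localhost')) return false;
  // IPv6 literals arrive bracketed; this example rejects them outright rather
  // than model ::1, fc00::/7, fe80::/10 and IPv4-mapped forms.
  if (host.startsWith('[')) return false;
  const ip = parseIPv4(host);
  if (ip !== null && inBlockedRange(ip)) return false;
  return true;
}

// transport(url) -> { status, location }. A synchronous stand-in for an HTTP
// client configured with manual redirect handling, so no hop is followed
// silently. A hostname check alone does not cover DNS answers that point at
// internal addresses; a production fetcher must also check the address it
// actually connects to.
function followRedirects(startUrl, transport, maxRedirects = MAX_REDIRECTS) {
  let current = startUrl;
  for (let hop = 0; hop <= maxRedirects; hop++) {
    if (!isAllowedTarget(current)) {
      return { ok: false, reason: `blocked target at hop ${hop}: ${current}` };
    }
    const res = transport(current);
    if (res.status >= 300 && res.status < 400 && res.location) {
      // Location may be relative; resolve it against the current URL.
      current = new URL(res.location, current).href;
      continue;
    }
    return { ok: true, finalUrl: current, status: res.status };
  }
  return { ok: false, reason: 'too many redirects' };
}

// Constructed responses standing in for a remote server (hostnames are made up).
const FAKE_RESPONSES = {
  'https://files.example.test/logo.png': { status: 200 },
  'https://files.example.test/moved': {
    status: 302,
    location: 'http://169.254.169.254/latest/meta-data/',
  },
  'https://files.example.test/loop': { status: 302, location: '/loop' },
};
function fakeTransport(url) {
  return FAKE_RESPONSES[url] || { status: 404 };
}

function demo() {
  return {
    direct: followRedirects('https://files.example.test/logo.png', fakeTransport),
    redirectedToMetadata: followRedirects('https://files.example.test/moved', fakeTransport),
    loop: followRedirects('https://files.example.test/loop', fakeTransport),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the block shows the direct fetch succeeding, the redirect to the link-local metadata address refused at hop 1 before any request is made to it, and the self-redirect loop stopped by the hop limit. The same `isAllowedTarget` check is what the workaround of restricting create access does not replace: it limits who can trigger the fetch, while the hop-by-hop check limits where the fetch can go.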

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers
CVE-2026-27567
GHSA-HHFX-5X8J-F5F6

Affected Products
Pyload