PT-2026-52847 · Payloadcms · Payloadcms

Oscar Naveda

·

Published

2026-06-26

·

Updated

2026-06-26

·

CVE-2026-11779

CVSS v4.0

5.3

Medium

VectorAV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2026-11779

Affected Products

Payloadcms