Skip to content

CVE lookup

CVE-2026-25544

Pruva has a verified reproduction for CVE-2026-25544: Payload CMS: Blind SQL Injection in JSON/RichText Queries via Drizzle Adapters. The canonical evidence record is REPRO-2026-00092.

REPRO

REPRO-2026-00092

Package

@payloadcms/drizzle · npm

Severity

CRITICAL

Status

published