CVE-2026-3327

Q: How severe is CVE-2026-3327?

CVSS scoring is not yet available for CVE-2026-3327. Check NVD for updates.

Q: Is there a patch for CVE-2026-3327?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews < v1.0.31.

Related Weaknesses (CWE)

CWE-79

References

https://github.com/datocms/plugins/commit/7965eebf0973cc5ebb18bc5ff9ce7ff19e89bb

FAQ

What is CVE-2026-3327?

CVE-2026-3327 is a documented vulnerability. Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enablin...

How severe is CVE-2026-3327?

CVSS scoring is not yet available for CVE-2026-3327. Check NVD for updates.

Is there a patch for CVE-2026-3327?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.