CVE-2026-47266 - Formie: Unauthenticated front-end submission editing can overwrite existing submissions

CVE ID :CVE-2026-47266 Published : May 29, 2026, 8:16 p.m. | 2 hours, 8 minutes ago Description :Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21 and 3.1.26, unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. This vulnerability is fixed in 2.2.21 and 3.1.26. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...