GHSA-65W6-PF7X-5G85

Vulnerability from github – Published: 2026-04-08 00:15 – Updated: 2026-04-08 00:15
Summary
@delmaredigital/payload-puck is missing authorization on /api/puck/* CRUD endpoints, allowing unauthenticated access to Puck-registered collections
Details

Impact

All /api/puck/* CRUD endpoint handlers registered by createPuckPlugin() called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control. The access option passed to createPuckPlugin() and any access rules defined on Puck-registered collections were silently ignored on these endpoints.

An unauthenticated remote attacker could:

  • List all documents (including drafts) in any Puck-registered collection
  • Read any document by ID (including drafts)
  • Create new documents with arbitrary field values
  • Update any document (including bypassing field-level access rules)
  • Delete any document
  • Read version history and restore arbitrary versions

In typical installations, the affected scope is the collection backing the website's pages (default slug: pages). For most users this means an attacker could read, modify, create, or delete every page on the website — including unpublished drafts and version history.

Scope is limited to collections explicitly registered with createPuckPlugin() — the endpoints validate the collection slug against an allowlist, so attackers cannot pivot to other Payload collections such as users, media, or business data not exposed to the plugin. The auto-created puck-templates, puck-ai-prompts, and puck-ai-context collections are also outside the allowlist; they have their own dedicated endpoints with separate authentication.

Other endpoints in the plugin (AI, styles, prompts, context, and the Next.js API route factories in src/api/) were unaffected — they had their own authentication checks.

Patches

Fixed in 0.6.23. All endpoint handlers in src/endpoints/index.ts now pass overrideAccess: false and forward req to Payload's local API, so collection-level access rules are evaluated against the current user.
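To make the mechanism concrete, here is an added JavaScript model (not the plugin's or Payload's own code) of a local-API find() call with a collection read rule, showing the vulnerable call shape beside the patched one. The mockPayload, pagesCollection, listPagesVulnerable and listPagesFixed names and the sample documents are constructed assumptions for this illustration.

```javascript
// Added model, not the plugin's or Payload's code; all names are assumptions.
// Constructed sample data: one published page and one unpublished draft.
const DOCS = [
  { id: 'p1', title: 'Home', _status: 'published' },
  { id: 'p2', title: 'Unannounced launch', _status: 'draft' },
];
// Collection config with a read rule in Payload's style: the access function
// returns true/false or a Where constraint. Anonymous callers see only
// published documents; a logged-in user sees everything, drafts included.
const pagesCollection = {
  slug: 'pages',
  access: {
    read: ({ req }) => (req && req.user ? true : { _status: { equals: 'published' } }),
  },
};

// Minimal stand-in for the local API. As in Payload, overrideAccess defaults
// to true, so the access function runs only when the caller explicitly passes
// overrideAccess: false together with the request.
const mockPayload = {
  collections: { pages: pagesCollection },
  find({ collection, req, overrideAccess = true }) {
    const cfg = this.collections[collection];
    if (!cfg) throw new Error(`unknown collection: ${collection}`);
    let where = null;
    if (!overrideAccess) {
      const verdict = cfg.access.read({ req });
      if (verdict === false) throw new Error('Forbidden');
      if (typeof verdict === 'object') where = verdict;
    }
    // Apply the constraint; this model only supports { field: { equals } }.
    let docs = DOCS;
    for (const [field, cond] of Object.entries(where || {})) {
      docs = docs.filter((d) => d[field] === cond.equals);
    }
    return { docs, totalDocs: docs.length };
  },
};

// Vulnerable shape (pre-0.6.23): req is not forwarded and overrideAccess
// keeps its default, so every document is returned to any caller.
function listPagesVulnerable(_req) {
  return mockPayload.find({ collection: 'pages' });
}

// Patched shape: overrideAccess: false plus the forwarded req makes the
// access rule run against the actual caller.
function listPagesFixed(req) {
  return mockPayload.find({ collection: 'pages', req, overrideAccess: false });
}
```

The same default applies to create, update, delete and version operations, which is why every handler in the plugin had to change, not just the listing one.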

Workarounds

If you cannot upgrade immediately, place a reverse-proxy or middleware authentication check in front of /api/puck/* to require an authenticated session before requests reach the plugin's handlers.


{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@delmaredigital/payload-puck"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-39397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-08T00:15:54Z",
    "nvd_published_at": "2026-04-07T21:17:18Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nAll `/api/puck/*` CRUD endpoint handlers registered by `createPuckPlugin()` called Payload\u0027s local API with the default `overrideAccess: true`, bypassing all collection-level access control. The `access` option passed to `createPuckPlugin()` and any `access` rules defined on Puck-registered collections were silently ignored on these endpoints.\n\nAn unauthenticated remote attacker could:\n\n- List all documents (including drafts) in any Puck-registered collection\n- Read any document by ID (including drafts)\n- Create new documents with arbitrary field values\n- Update any document (including bypassing field-level access rules)\n- Delete any document\n- Read version history and restore arbitrary versions\n\n**In typical installations**, the affected scope is the collection backing the website\u0027s pages (default slug: `pages`). For most users this means an attacker could read, modify, create, or delete every page on the website \u2014 including unpublished drafts and version history.\n\n**Scope is limited to collections explicitly registered with `createPuckPlugin()`** \u2014 the endpoints validate the collection slug against an allowlist, so attackers cannot pivot to other Payload collections such as `users`, `media`, or business data not exposed to the plugin. The auto-created `puck-templates`, `puck-ai-prompts`, and `puck-ai-context` collections are also outside the allowlist; they have their own dedicated endpoints with separate authentication.\n\nOther endpoints in the plugin (AI, styles, prompts, context, and the Next.js API route factories in `src/api/`) were unaffected \u2014 they had their own authentication checks.\n\n### Patches\n\nFixed in **0.6.23**. All endpoint handlers in `src/endpoints/index.ts` now pass `overrideAccess: false` and forward `req` to Payload\u0027s local API, so collection-level access rules are evaluated against the current user.\n\n### Workarounds\n\nIf you cannot upgrade immediately, place a reverse-proxy or middleware authentication check in front of `/api/puck/*` to require an authenticated session before requests reach the plugin\u0027s handlers.",
  "id": "GHSA-65w6-pf7x-5g85",
  "modified": "2026-04-08T00:15:54Z",
  "published": "2026-04-08T00:15:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/delmaredigital/payload-puck/security/advisories/GHSA-65w6-pf7x-5g85"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39397"
    },
    {
      "type": "WEB",
      "url": "https://github.com/delmaredigital/payload-puck/issues/7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/delmaredigital/payload-puck/commit/9148201c6bbfa140d44546438027a2f8a70f79a4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/delmaredigital/payload-puck"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@delmaredigital/payload-puc is missing authorization on /api/puck/* CRUD endpoints allows unauthenticated access to Puck-registered collections"
}

