Craft CMS · Vulnerability Disclosure

Craft Cms Vulnerability Disclosure

Vulnerability disclosure

Craft CMS publishes a vulnerability disclosure policy for reporting security issues. A machine-readable /.well-known/security.txt is served. A dedicated security contact is published.

CMSContent ManagementGraphQLRESTHeadlessPHP
Program: security.txt present

Disclosure Policy

Policy

Security Contact

Contact
https://github.com/craftcms/cms/security/policy

Source

Vulnerability Disclosure

craft-cms-vulnerability-disclosure.yml Raw ↑
generated: '2026-07-11'
method: searched
probe: true
source: https://craftcms.com/.well-known/security.txt
policy:
- https://github.com/craftcms/cms/security/policy
contact:
- https://github.com/craftcms/cms/security/policy
evidence:
- source: https://craftcms.com/.well-known/security.txt
  kind: security.txt (live probe)