Formwork Project Formwork — known CVE vulnerabilities
Every CVE whose affected-product data names Formwork Project Formwork, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-27198 — CVSS 8.8 (high): Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce…
CVE-2025-65956 — CVSS 6.5 (medium): Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field…
CVE-2023-24230 — CVSS 4.8 (medium): A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to…
CVE-2024-37160 — CVSS 4.8 (medium): Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web…