Strapi Vulnerable to SQL Injection in Content Type Builder — CVE-2026-22599

Summary

### Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N` (9.3 — Critical) - Affected Versions: `@strapi/content-type-builder` <=5.33.1 (v5), `@strapi/plugin-content-type-builder` <=4.26.0 (v4) - How to Patch: Immediately update your Strapi to >=5.33.2 (v5) or >=4.26.1 (v4) ### Description of CVE-2026-22599 A…

Product

npm: @strapi/content-type-builder | npm: @strapi/plugin-content-type-builder

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

• Read the official source
• CVE Record
• NVD

Related advisories