Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. This vulnerability is fixed in 3.73.0.
PUBLISHED5.2CWE-89
Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Problem type
Affected products
payloadcms
payload
< 3.73.0 - AFFECTED
References
GitHub Security Advisories
GHSA-xx6w-jxg9-2wh8
@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
https://github.com/advisories/GHSA-xx6w-jxg9-2wh8Impact
When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking.
Users are affected if ALL of these are true:
- Payload version < v3.73.0
- Using a Drizzle-based database adapter (
@payloadcms/drizzleas dependency):@payloadcms/db-postgres@payloadcms/db-vercel-postgres@payloadcms/db-sqlite@payloadcms/db-d1-sqlite
- At least one accessible collection that has a
type: 'json'ortype: 'richText'field whereaccess.readreturns anything other thanfalse(trueorWhereconstraint)
Users are NOT affected if:
- Using
@payloadcms/db-mongodb - No JSON or richText fields exist in any collection
- All JSON/richText fields have
access: { read: () => false }
Patches
Upgrade to Payload v3.73.0 or later.
Workarounds
If a project cannot upgrade immediately, add access: { read: () => false } to all JSON and richText fields as a temporary mitigation.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-25544Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-25544",
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"dateUpdated": "2026-02-06T21:07:01.122Z",
"dateReserved": "2026-02-02T19:59:47.375Z",
"datePublished": "2026-02-06T21:07:01.122Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M",
"dateUpdated": "2026-02-06T21:07:01.122Z"
},
"title": "Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters",
"descriptions": [
{
"lang": "en",
"value": "Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. This vulnerability is fixed in 3.73.0."
}
],
"affected": [
{
"vendor": "payloadcms",
"product": "payload",
"versions": [
{
"version": "< 3.73.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8",
"name": "https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8",
"tags": [
"x_refsource_CONFIRM"
]
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
}
]
}
}
}