Contao Security Vulnerabilities (CVEs)

Track 9 security vulnerabilities affecting Contao products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

1 Critical
3 High
5 Medium
CVE-2025-65960 6.6

This vulnerability allows authenticated back-end users in Contao CMS to execute arbitrary PHP functions through template closures, potentially leading...

Nov 25, 2025

CVE-2025-57756 5.3

This vulnerability in Contao CMS allows protected content elements to be indexed and publicly accessible through the front-end search functionality. A...

Aug 28, 2025

CVE-2025-57758 4.3

This vulnerability allows authenticated back-end users in Contao CMS to access modules they shouldn't have permission to view. It affects Contao insta...

Aug 28, 2025

CVE-2025-29790 5.4

This vulnerability allows attackers to upload malicious SVG files containing cross-site scripting (XSS) code to Contao CMS. When these files are proce...

Mar 18, 2025

CVE-2024-45398 8.3

This vulnerability allows authenticated back-end users with file manager access in Contao CMS to upload malicious files and execute arbitrary code on ...

Sep 17, 2024

CVE-2024-45612 5.3

This vulnerability allows untrusted users to inject Contao insert tags into canonical URL tags, which are then processed and rendered on the front-end...

Sep 17, 2024

CVE-2024-28235 8.3

Contao CMS versions 4.9.0 through 4.13.39 and 5.0.0 through 5.3.3 inadvertently send session cookies to external URLs when checking for broken links o...

Apr 9, 2024

CVE-2022-26265 9.8

CVE-2022-26265 is a critical remote command execution vulnerability in Contao Managed Edition v1.5.0 that allows attackers to execute arbitrary comman...

Mar 18, 2022

CVE-2021-37626 7.2

This vulnerability allows untrusted back-end users in Contao CMS to execute arbitrary PHP code via insert tags. It affects installations where back-en...

Aug 11, 2021

Why Monitor Contao Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 9+ known vulnerabilities affecting Contao products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Contao packages in under 60 seconds. No agents required - completely agentless scanning that works across Contao deployments.

Free vulnerability database: Access detailed information about every Contao CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Contao CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions