From 4566c0b713053fe09795f5793f539a71cfac2032 Mon Sep 17 00:00:00 2001
From: Daniel Haim <2808046+danielhaim1@users.noreply.github.com>
Date: Wed, 17 Jun 2026 17:21:56 +0200
Subject: [PATCH] Improve GHSA-xmjj-hvvj-3jr6

---
 .../GHSA-xmjj-hvvj-3jr6.json                  | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/advisories/unreviewed/2026/05/GHSA-xmjj-hvvj-3jr6/GHSA-xmjj-hvvj-3jr6.json b/advisories/unreviewed/2026/05/GHSA-xmjj-hvvj-3jr6/GHSA-xmjj-hvvj-3jr6.json
index 218bc66ba51b7..478d4e45a5ec6 100644
--- a/advisories/unreviewed/2026/05/GHSA-xmjj-hvvj-3jr6/GHSA-xmjj-hvvj-3jr6.json
+++ b/advisories/unreviewed/2026/05/GHSA-xmjj-hvvj-3jr6/GHSA-xmjj-hvvj-3jr6.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xmjj-hvvj-3jr6",
-  "modified": "2026-05-27T21:31:25Z",
+  "modified": "2026-05-27T21:32:27Z",
   "published": "2026-05-27T15:33:25Z",
   "aliases": [
     "CVE-2026-31266"
   ],
+  "summary": "Missing authorization vulnerability in Craft CMS migrate endpoint",
   "details": "Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate).",
   "severity": [
     {
@@ -13,7 +14,27 @@
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "craftcms/cms"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "5.9.5"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",