A vulnerability described as problematic has been identified in Craft CMS up to 5.9.10 . The impacted element is the function Craft::configure of the file src/controllers/EntryTypesController.php of the component setting Handler . Such manipulation of the argument Settings leads to use of externally-controlled input to select classes or code. This vulnerability is traded as CVE-2026-32263 . The attack may be launched remotely. There is no exploit available. Upgrading the affected component is re