A vulnerability categorized as critical has been discovered in Craft CMS up to 4.17.6/5.9.12 . Affected is an unknown function of the component SVG File Handler . Executing a manipulation can lead to path traversal. This vulnerability is handled as CVE-2026-56394 . The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.