A vulnerability marked as problematic has been reported in Craft CMS up to 4.17.0-beta.0/5.9.0-beta.0 . Affected is an unknown function of the component Setting Handler . The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-56393 . Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.