A vulnerability identified as problematic has been detected in Craft CMS up to 5.8.21 . This affects an unknown function of the component User Permissions Page . Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-56381 . The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.