Skip to content

Release history

KeystoneJS releases

CMS and web application platform.

Back to tool Latest release

All releases

1 shown

2026-03-19 Security relevant
Security fixes
  • CVE-2026-33326 — {field}.isFilterable access control could be bypassed in `findMany` queries by passing a `cursor`, allowing existence confirmation of protected records.
Full changelog

The following packages have been updated

@keystone-6/[email protected]

Bug Fixes

  • [core] Fix isFilterable bypass via cursor parameter in findMany query (#9790) @n0wsh

:rotating_light: Security Updates

We have identified and fixed 1 security vulnerability

  • CVE-2026-33326 - {field}.isFilterable access control could be bypassed in findMany queries by passing a cursor. This could be used to confirm the existence of records by protected field values.

:eyes: Review

See https://github.com/keystonejs/keystone/compare/2025-05-06...2026-03-19 to compare with our previous release.

View release on GitHub

Beta — feedback welcome: [email protected]