2026-03-19
📦 keystonejsView on GitHub →
🐛 2 fixes🔧 1 symbols
Summary
This patch release for @keystone-6/core (v6.5.2) primarily focuses on fixing a security vulnerability related to access control bypass in `findMany` queries using the `cursor` parameter.
🐛 Bug Fixes
- Fixed bypass of `isFilterable` via the `cursor` parameter in `findMany` queries.
- Addressed security vulnerability CVE-2026-33326 where `isFilterable` access control could be bypassed in `findMany` queries using a `cursor`, potentially allowing confirmation of protected record existence.