3 matches found
CVE-2026-33177
CVE-2026-33177 affects Statamic CMS (Laravel/Git-powered). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could bypass authorization by submitting requests to the field action processing endpoint with attacker-controlled field definitions, enabling creation of taxonomy te...
CVE-2026-33177 Statamic is missing authorization check on taxonomy term creation via fieldtype
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...
CVE-2026-33177 Statamic is missing authorization check on taxonomy term creation via fieldtype
Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the...