CVE-2026-45660 Statamic: Server-Side Request Forgery via Glide

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

EUVD-2026-33365

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

CVE-2026-45660 Statamic: Server-Side Request Forgery via Glide

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

CVE-2026-45660

Statamic’s Glide image proxy vulnerability (CVE-2026-45660) allows SSRF via unsafely validated URL inputs, enabling unauthenticated requests to internal addresses (loopback, private networks, cloud metadata). Affected releases: Statamic before 5.73.22 and 6.18.1. Root cause: URL validation in Gli...

Statamic 代码问题漏洞

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were code vulnerabilities in versions prior to Statamic 5.73.22 and 6.18.1. These vulnerabilities stemmed from UR...

Statamic CMS: Server-Side Request Forgery via Glide

Impact The Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP requests to internal addresses — including loopback, private network, and cloud metadata...

CVE-2026-28423

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

CVE-2026-28423

CVE-2026-28423 affects Statamic CMS: prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode (not default), the image proxy can be abused by an unauthenticated user to trigger HTTP requests to arbitrary URLs via the URL or watermark feature, enabling access to ...

CVE-2026-28423 Statamic Vulnerable to Server-Side Request Forgery via Glide

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

CVE-2026-28423 Statamic Vulnerable to Server-Side Request Forgery via Glide

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...