
343 matches found

Positive Technologies
added 2026/02/27 12:0 a.m. | 6 views

PT-2026-22424

Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.73.11; Statamic versions prior to 6.4.0. Description: Statamic is a Laravel and Git powered content management system (CMS). An authenticated control panel user with access to Antlers-enabled inputs may be able to achie...

CVSS 8 | AI score 6.6 | EPSS 0.00428
Exploits 0 | References 16
CNNVD
added 2026/02/27 12:0 a.m. | 4 views

Statamic security vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.11 and 6.4.0, which stemmed from the data endpoi...

CVSS 6.5 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 4
Positive Technologies
added 2026/02/27 12:0 a.m. | 5 views

PT-2026-22422

Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 5.73.11; Statamic versions prior to 6.4.0. Description: Statamic is a content management system. When Glide image manipulation is used in insecure mode, an unauthenticated user can exploit the image proxy to make the...

CVSS 6.8 | AI score 6 | EPSS 0.00378
Exploits 0 | References 7
CNNVD
added 2026/02/27 12:0 a.m. | 9 views

Statamic code injection vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.11 and earlier, as well as 6.4.0 and earlier, had a code injection vulnerability. This...

CVSS 8 | AI score 6 | EPSS 0.00428
Exploits 0 | References 4
CNNVD
added 2026/02/27 12:0 a.m. | 4 views

cms authorization issue vulnerability

Cms is a software package developed by Statamic. Versions of CMS from 6.0.0 to 6.4.0 had an authorization issue vulnerability. This vulnerability stemmed from improper permission verification, which could lead to unauthorized privilege escalation...

CVSS 8.8 | AI score 5.8 | EPSS 0.00386
Exploits 0 | References 3
ATTACKERKB
added 2026/02/24 9:38 p.m. | 2 views

CVE-2026-27593

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | AI score 5.8 | EPSS 0.00459
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2026/02/24 9:38 p.m. | 18 views

CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | EPSS 0.00459
Exploits 0 | References 6
Vulnrichment
added 2026/02/24 9:38 p.m. | 5 views

CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | AI score 5.9 | EPSS 0.00459
Exploits 0 | References 6
CVE
added 2026/02/24 9:38 p.m. | 17 views

CVE-2026-27593

Statamic CMS (Laravel/Git-based) is affected by CVE-2026-27593 via a password-reset vulnerability. Prior to versions 6.3.3 and 5.73.10, an attacker who knows a valid account’s email could capture a reset token and reset the password on behalf of the user, who must click the reset link in their em...

CVSS 9.3 | AI score 5.5 | EPSS 0.00459
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/02/24 9:38 p.m. | 4 views

CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | AI score 5.6 | EPSS 0.00459
Exploits 0 | References 8
Github Security Blog
added 2026/02/24 9:9 p.m. | 4 views

Statamic is vulnerable to account takeover via password reset link injection

Impact: An attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they...

CVSS 9.3 | AI score 5.7 | EPSS 0.00459
Exploits 0 | References 8 | Affected Software 1
Snyk
added 2026/02/24 9:9 p.m. | 4 views

Weak Password Recovery Mechanism for Forgotten Password

Overview: Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password in the password reset process. An attacker can gain unauthorized access to user accounts by injecting a malicious password reset link and capturing the reset token if the legitimat...

CVSS 9.3 | AI score 6 | EPSS 0.00459
Exploits 0 | References 2
CNNVD
added 2026/02/24 12:0 a.m. | 3 views

Statamic authorization issue vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic prior to 6.3.3 and 5.73.10 contained authorization vulnerabilities due to defects in the password...

CVSS 9.3 | AI score 5.8 | EPSS 0.00459
Exploits 0 | References 6
Positive Technologies
added 2026/02/24 12:0 a.m. | 6 views

PT-2026-21809

Name of the Vulnerable Software and Affected Versions: Statamic versions prior to 6.3.3; Statamic versions prior to 5.73.10. Description: An attacker can exploit a flaw in the password reset functionality to obtain a user's token and subsequently reset their password. The attacker requires the emai...

CVSS 9.3 | AI score 5.3 | EPSS 0.00459
Exploits 0 | References 23
RedhatCVE
added 2026/02/22 7:24 a.m. | 4 views

CVE-2026-27196

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | AI score 5.5 | EPSS 0.0028
Exploits 0 | References 1
NVD
added 2026/02/21 5:17 a.m. | 4 views

CVE-2026-27196

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | EPSS 0.0028
Exploits 0 | References 3
Vulnrichment
added 2026/02/21 4:30 a.m. | 3 views

CVE-2026-27196 Statamic affected by privilege escalation via stored Cross-site Scripting

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | AI score 5.4 | EPSS 0.0028
Exploits 0 | References 3
Cvelist
added 2026/02/21 4:30 a.m. | 23 views

CVE-2026-27196 Statamic affected by privilege escalation via stored Cross-site Scripting

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | EPSS 0.0028
Exploits 0 | References 3
ATTACKERKB
added 2026/02/21 4:30 a.m. | 5 views

CVE-2026-27196

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1 | AI score 5.5 | EPSS 0.0028
Exploits 0 | References 4 | Affected Software 1
CVE
added 2026/02/21 4:30 a.m. | 9 views

CVE-2026-27196

Statamic CMS (Laravel/Git-based) vulnerability CVE-2026-27196: A Stored XSS in html fieldtypes affects versions 5.73.8 and earlier and 6.0.0-alpha.1 through 6.3.1. Authenticated users with field-management permissions can inject malicious JavaScript that runs for higher-privileged users when view...

CVSS 8.1 | AI score 5.5 | EPSS 0.0028
Exploits 0 | References 3 | Affected Software 1