CVE-2026-54243
CVE-2026-54243 affects Statamic CMS (Laravel/Git-powered). Prior to 5.73.24 and 6.20.1, form submission values exported to CSV via CsvExporter.php were not neutralized for spreadsheet formula characters. A value starting with =, +, -, or @ could be interpreted as a live formula when an editor ope...