CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...

CVE-2026-33887

Statamic CMS (Laravel/Git) contains a vulnerability in revision controllers: before versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, bypassing collection permissions and exposing entry field values and blueprint da...

CVE-2026-33887 Statamic allows unauthorized content access through missing authorization in its revision controllers

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the...

GHSA-4HP7-3WXG-CV9Q Statamic allows unauthorized content access through missing authorization in its revision controllers

Impact Authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and...