CVE-2026-33171

Medium CVSS: 4.3

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticated Control Panel users could read arbitrary `.json`, `.yaml`, and `.csv` files from the server by manipulating the file dictionary's `filename` configuration parameter in the fieldtype's endpoint. This has been fixed in 5.73.14 and 6.7.0.

Vendor

Statamic

Product

Statamic

CWE

CWE-22

Yayın Tarihi

2026-03-20 22:16:28

Güncelleme

2026-03-23 18:46:31

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Statamic MEDIUM Statamic 2026

Referanslar

https://github.com/statamic/cms/security/advisories/GHSA-qm7r-wwq7-6f85

Benzer Kayıtlar

Medium

CVE-2026-33177

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileg…

High

CVE-2026-33172

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS…

Medium

CVE-2026-32612

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel c…

Medium

CVE-2026-28423

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide…

Medium

CVE-2026-28424

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email…

High

CVE-2026-28425

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenti…