CVE-2026-33177

Medium CVSS: 4.3

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. This has been fixed in 5.73.14 and 6.7.0.

Vendor

Statamic

Product

Statamic

CWE

CWE-862

Yayın Tarihi

2026-03-20 22:16:29

Güncelleme

2026-03-23 18:45:27

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Statamic MEDIUM Statamic 2026

Referanslar

https://github.com/statamic/cms/security/advisories/GHSA-wh3h-gvc4-cc2g

Benzer Kayıtlar

Medium

CVE-2026-33171

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticate…

High

CVE-2026-33172

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS…

Medium

CVE-2026-32612

Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel c…

Medium

CVE-2026-28423

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide…

Medium

CVE-2026-28424

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email…

High

CVE-2026-28425

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenti…