What is CVE-2026-33882?

CVE-2026-33882 is a medium-severity vulnerability in Statamic Cms, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2026-03-27.

How severe is CVE-2026-33882?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Information disclosure in Statamic Cms

CVE-2026-33882

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype spe…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (28.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Statamic Cms — versions < 5.73.16, >= 6.0.0-alpha.1, < 6.7.2

Weakness classification (CWE)

References

https://github.com/statamic/cms/security/advisories/GHSA-cvh3-23vq-w7h4 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-33882?: CVE-2026-33882 is a medium-severity vulnerability in Statamic Cms, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2026-03-27.
How severe is CVE-2026-33882?: Medium severity. CVSS v3 base score is 6.5 out of 10.