Statamic CMS

31 CVEs affecting Statamic CMS. Latest disclosed: 2026-05-29. Critical: 1, High: 12.

Top CVEs affecting Statamic CMS
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-27593 | Critical | 9.3 | 2026-02-24 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the pa… |
| CVE-2026-27939 | High | 8.8 | 2026-02-27 | Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users… |
| CVE-2023-48217 | High | 8.8 | 2023-11-14 | Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like imag… |
| CVE-2026-33172 | High | 8.7 | 2026-03-20 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads a… |
| CVE-2026-28426 | High | 8.7 | 2026-02-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerability in svg and icon related c… |
| CVE-2026-25759 | High | 8.7 | 2026-02-11 | Statamic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authent… |
| CVE-2023-47129 | High | 8.4 | 2023-11-10 | Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP f… |
| CVE-2024-24570 | High | 8.2 | 2024-02-01 | Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end form… |
| CVE-2026-41175 | High | 8.1 | 2026-04-22 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and… |
| CVE-2026-27196 | High | 8.1 | 2026-02-21 | Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS… |
| CVE-2026-28425 | High | 8.0 | 2026-02-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to… |
| CVE-2025-64112 | High | 8.0 | 2025-10-30 | Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with… |
| CVE-2023-48701 | High | 7.5 | 2023-11-21 | Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be up… |
| CVE-2026-28423 | Medium | 6.8 | 2026-02-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure… |
| CVE-2026-33886 | Medium | 6.5 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user… |
| CVE-2026-33882 | Medium | 6.5 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated… |
| CVE-2026-28424 | Medium | 6.5 | 2026-02-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses fr… |
| CVE-2026-33885 | Medium | 6.1 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect valida… |
| CVE-2026-33883 | Medium | 6.1 | 2026-03-27 | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the `user:reset_password_form` tag could render use… |
| CVE-2023-36828 | Medium | 5.5 | 2023-07-05 | Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, a… |
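The recurring class in the list above is an upload that passes an extension check but is really PHP, HTML or SVG: PHP files crafted to look like images (CVE-2023-47129, CVE-2023-48217), HTML files named as jpg (CVE-2024-24570, CVE-2023-48701), and script-bearing SVG (CVE-2023-36828, CVE-2026-28426, CVE-2026-33172). The following is an added example, not Statamic's code and not part of the original page: an independent validator a practitioner can put in front of any image upload handler. It goes slightly beyond the listed cases by also rejecting double extensions and NUL or path characters in the name. The function and constant names (`check_image_upload`, `IMAGE_MAGIC`, `EXECUTABLE_EXTS`, `ACTIVE_CONTENT`) and the sample files in `SAMPLES` are constructed for illustration and come from no advisory.

```python
import re
from dataclasses import dataclass, field

# Raster formats the upload field is allowed to accept, with the magic bytes
# each must begin with. (Assumption: the site's policy; SVG is deliberately
# absent, since it is XML and cannot be validated by a header check.)
IMAGE_MAGIC = {
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "gif":  (b"GIF87a", b"GIF89a"),
}

# Extensions a server or browser may execute or render if they appear anywhere
# in the name chain, e.g. "shell.php.jpg" under a permissive handler mapping.
EXECUTABLE_EXTS = {"php", "php3", "php5", "php7", "phtml", "phar",
                   "html", "htm", "xhtml", "svg", "js"}

# Byte patterns that have no business inside a raster image. A file that
# starts with a valid JPEG header but carries one of these in a comment or
# EXIF segment is the image/script polyglot the CVEs above describe.
ACTIVE_CONTENT = (
    (re.compile(rb"<\?(?:php\b|=)", re.I), "php-open-tag"),
    (re.compile(rb"<script\b", re.I), "script-tag"),
    (re.compile(rb"<svg\b", re.I), "svg-element"),
    (re.compile(rb"<(?:!doctype\s+html|html\b)", re.I), "html-document"),
    (re.compile(rb"<[a-z]+[^>]*\son[a-z]+\s*=", re.I), "event-handler-attribute"),
)


@dataclass
class Verdict:
    accept: bool
    reasons: list = field(default_factory=list)


def check_image_upload(filename: str, data: bytes) -> Verdict:
    """Accept only if name, magic bytes and body all agree the file is a
    plain raster image. Every failed check is recorded in reasons."""
    reasons = []

    # Path separators and NUL bytes mean the name is aimed at the filesystem
    # or a C-string comparison, not at describing an image.
    if any(c in filename for c in ("/", "\\", "\x00")):
        reasons.append("unsafe-filename")

    exts = filename.lower().split(".")[1:]   # every extension in the chain
    final = exts[-1] if exts else None

    if final not in IMAGE_MAGIC:
        reasons.append("extension-not-allowed")
    inner = [e for e in exts[:-1] if e in EXECUTABLE_EXTS]
    if inner:
        reasons.append("double-extension:" + ".".join(inner))

    # The claimed type must match the bytes actually stored.
    if final in IMAGE_MAGIC and not any(data.startswith(m) for m in IMAGE_MAGIC[final]):
        reasons.append("magic-mismatch")

    # A correct header is not enough: scan the whole body for code.
    for pattern, label in ACTIVE_CONTENT:
        if pattern.search(data):
            reasons.append(label)

    return Verdict(accept=not reasons, reasons=reasons)


def _segment(marker: bytes, payload: bytes) -> bytes:
    """One JPEG marker segment; the 2-byte length counts itself plus payload."""
    return marker + (len(payload) + 2).to_bytes(2, "big") + payload


def _jpeg(*segments: bytes) -> bytes:
    """Minimal JPEG byte string: SOI, the given segments, EOI."""
    return b"\xff\xd8" + b"".join(segments) + b"\xff\xd9"


JFIF_APP0 = _segment(b"\xff\xe0", b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")

# Constructed sample uploads for the demo; none is a real file from any advisory.
SAMPLES = {
    "photo.jpg": _jpeg(JFIF_APP0),                      # a plain JPEG
    "avatar.jpg": _jpeg(JFIF_APP0, _segment(b"\xff\xfe",  # PHP inside a COM segment
                                            b"<?php echo 'polyglot'; ?>")),
    "banner.jpg": b"<!DOCTYPE html><html><body><script>alert(1)</script></body></html>",
    "shell.php.jpg": _jpeg(JFIF_APP0),                  # valid bytes, double extension
    "icon.jpg": b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        v = check_image_upload(name, body)
        print(f"{name:15} {'ACCEPT' if v.accept else 'REJECT'} {v.reasons}")
```

Two caveats. First, this check is a second layer, not the primary control: uploads should be stored where the web server never maps PHP handlers and served with `X-Content-Type-Options: nosniff`, so that even an accepted polyglot is never executed or rendered as a document. Second, SVG is excluded on purpose; if a field must accept SVG, it needs an XML-aware sanitizer that strips `script` elements, event-handler attributes and external references, which is the separate problem the SVG entries in the table concern.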