statamic

Top products

The 15 most recently published vulnerabilities affecting statamic.

• CVE-2026-49288Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources4.3Jun 19, 2026
• CVE-2026-49287Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction7.4Jun 19, 2026
• CVE-2026-45660Statamic: Server-Side Request Forgery via Glide5.4May 29, 2026
• CVE-2026-44306Statamic: Email enumeration via forgot password endpoint5.3May 12, 2026
• CVE-2026-41175Statamic: Unsafe method invocation via query value resolution allows data destruction8.1Apr 22, 2026
• CVE-2026-33887Statamic allows unauthorized content access through missing authorization in its revision controllers5.4Mar 27, 2026
• CVE-2026-33886Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields6.5Mar 27, 2026
• CVE-2026-33885Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential6.1Mar 27, 2026
• CVE-2026-33884Statamic's live preview token bypasses content protection for unrelated entries4.3Mar 27, 2026
• CVE-2026-33883Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag6.1Mar 27, 2026
• CVE-2026-33882Statamic's Markdown preview endpoint exposes sensitive user data6.5Mar 27, 2026
• CVE-2026-33177Statamic is missing authorization check on taxonomy term creation via fieldtype4.3Mar 20, 2026
• CVE-2026-33172Statamic has Stored XSS via SVG Sanitization Bypass8.7Mar 20, 2026
• CVE-2026-33171Statamic has a path traversal in file dictionary fieldtype4.3Mar 20, 2026
• CVE-2026-32612Statamic: privilege escalation via stored cross-site scripting5.4Mar 12, 2026