statamic/cms Security Advisories for v5.73.20 (7)
- [LOW] Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors
  PKSA-9stt-y5w8-fn5y CVE-2026-54244 GHSA-7mqq-4v55-88gh
  Affected version: >=6.0.0,<6.20.3|<5.74.0
  Reported by: GitHub
- [MEDIUM] Statamic Vulnerable to CSV formula injection in form submission exports
  PKSA-q7zp-ytbf-kmf9 CVE-2026-54243 GHSA-h77m-qrj7-jxcw
  Affected version: <5.73.24|>=6.0.0,<6.20.1
  Reported by: GitHub
- [MEDIUM] Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding)
  PKSA-9vds-c3yh-rq22 CVE-2026-54242 GHSA-v5c4-wcpj-x73m
  Affected version: >=6.0.0,<6.20.1|<5.73.24
  Reported by: GitHub
- [HIGH] Statamic CMS's unsafe method invocation via collection sorting allows data destruction
  PKSA-fhw5-pm86-31ff CVE-2026-49287 GHSA-m92m-r54r-x8r2
  Affected version: >=6.0.0,<6.20.0|<5.73.23
  Reported by: GitHub
- [MEDIUM] Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources
  PKSA-ykrx-2shq-vs9n CVE-2026-49288 GHSA-2497-6pwj-pwg7
  Affected version: >=6.0.0,<6.20.0|<5.73.23
  Reported by: GitHub
- [MEDIUM] Statamic CMS: Server-Side Request Forgery via Glide
  PKSA-7fht-jznj-7mgv CVE-2026-45660 GHSA-pf9c-ch8r-2958
  Affected version: >=6.0.0-alpha.1,<6.18.1|<5.73.22
  Reported by: GitHub
- [MEDIUM] Statamic CMS vulnerable to email enumeration via forgot password endpoint
  PKSA-ynr1-y6st-8cwm CVE-2026-44306 GHSA-m24v-f7g5-gq67
  Affected version: >=6.0.0,<6.15.0|<5.73.21
  Reported by: GitHub