Security Advisories - statamic/cms - Packagist.org

statamic/cms Security Advisories for v6.20.0 (3)

[LOW] Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors

PKSA-9stt-y5w8-fn5y CVE-2026-54244 GHSA-7mqq-4v55-88gh

Affected version: >=6.0.0,<6.20.3|<5.74.0

Reported by:
GitHub
[MEDIUM] Statamic Vulnerable to CSV formula injection in form submission exports

PKSA-q7zp-ytbf-kmf9 CVE-2026-54243 GHSA-h77m-qrj7-jxcw

Affected version: <5.73.24|>=6.0.0,<6.20.1

Reported by:
GitHub
[MEDIUM] Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding)

PKSA-9vds-c3yh-rq22 CVE-2026-54242 GHSA-v5c4-wcpj-x73m

Affected version: >=6.0.0,<6.20.1|<5.73.24

Reported by:
GitHub