CVE-2026-27939
HIGH 8.8
Description
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user's existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
CVE Details
CVSS v3.1 Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 2/27/2026
Last Modified: 3/10/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
statamic:statamic
Weaknesses (CWE)
CWE-287
References
https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a (security-advisories@github.com)
https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789 (security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.