CVE-2026-27939
HIGH 8.8
Description
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
CVE Details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 2/27/2026
Last modified: 3/10/2026
Source: nvd
Honeypot observations: 0
Affected products
statamic:statamic
Weaknesses (CWE)
CWE-287
References
https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a (security-advisories@github.com)
https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789 (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.