CVE-2026-27939— Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-27939
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
cms 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
cms是Statamic开源的一个软件包。 cms 6.0.0至6.4.0之前版本存在授权问题漏洞,该漏洞源于权限验证不当,可能导致权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-27939
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-27939
请登录查看更多情报信息。
- [5.x] Harden redirects (#14099) · statamic/cms@8639ef9 · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-27939
Same Patch Batch · statamic · 2026-02-27 · 5 CVEs total
| CVE-2026-28426 | 8.7 HIGH | Statamic vulnerable to privilege escalation via stored cross-site scripting |
| CVE-2026-28425 | 8.0 HIGH | Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs |
| CVE-2026-28423 | 6.8 MEDIUM | Statamic Vulnerable to Server-Side Request Forgery via Glide |
| CVE-2026-28424 | 6.5 MEDIUM | Statamic's missing authorization allows access to email addresses |
IV. Related Vulnerabilities
Same product: cms
- CVE-2026-7508
Bootstrap CMS Page Creation show.blade.php code injection - CVE-2026-7317
Grav CMS Cache Value FileCache.php doGet deserialization - CVE-2026-7016
MaxSite CMS ushki Plugin cross site scripting - CVE-2026-7015
MaxSite CMS Guestbook Plugin cross site scripting - CVE-2026-7014
MaxSite CMS down_count Plugin cross site scripting
Same vendor: statamic
- CVE-2026-41175
Statamic: Unsafe method invocation via query value resolutio - CVE-2026-33887
Statamic allows unauthorized content access through missing - CVE-2026-33886
Statamic's sensitive configuration values are exposed to con - CVE-2026-33885
Statamic has an Open Redirect on unauthenticated endpoints v - CVE-2026-33884
Statamic's live preview token bypasses content protection fo
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2026-27939
No comments yet