
statamic — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting statamic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Statamic is a Laravel-based static site generator and content management system designed for developers seeking a flexible, file-driven approach to web content management. Its architecture allows for rapid deployment and simplified hosting, appealing to teams prioritizing performance and security through static output. However, the platform has faced significant scrutiny due to a high volume of recorded vulnerabilities, currently totaling 29 Common Vulnerabilities and Exposures. Historically, these security issues predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation or insecure file handling within the underlying PHP framework. While the static nature of the generated sites theoretically reduces attack surfaces, the dynamic administration interface remains a frequent target. Recent incidents highlight the necessity for rigorous patching and secure configuration practices to mitigate risks associated with its evolving codebase and third-party dependencies.

Top products by statamic: cms
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41175 | Statamic: Unsafe method invocation via query value resolution allows data destruction | cms | CWE-470 | 8.1 | High | 2026-04-22 |
| CVE-2026-33887 | Statamic allows unauthorized content access through missing authorization in its revision controllers | cms | CWE-862 | 5.4 | Medium | 2026-03-27 |
| CVE-2026-33886 | Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields | cms | CWE-200 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33885 | Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential | cms | CWE-601 | 6.1 | Medium | 2026-03-27 |
| CVE-2026-33884 | Statamic's live preview token bypasses content protection for unrelated entries | cms | CWE-863 | 4.3 | Medium | 2026-03-27 |
| CVE-2026-33883 | Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag | cms | CWE-79 | 6.1 | Medium | 2026-03-27 |
| CVE-2026-33882 | Statamic's Markdown preview endpoint exposes sensitive user data | cms | CWE-20 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-33177 | Statamic is missing authorization check on taxonomy term creation via fieldtype | cms | CWE-862 | 4.3 | Medium | 2026-03-20 |
| CVE-2026-33172 | Statamic has Stored XSS via SVG Sanitization Bypass | cms | CWE-79 | 8.7 | High | 2026-03-20 |
| CVE-2026-33171 | Statamic has a path traversal in file dictionary fieldtype | cms | CWE-22 | 4.3 | Medium | 2026-03-20 |
| CVE-2026-32612 | Statamic: privilege escalation via stored cross-site scripting | cms | CWE-79 | 5.4 | Medium | 2026-03-12 |
| CVE-2026-28426 | Statamic vulnerable to privilege escalation via stored cross-site scripting | cms | CWE-79 | 8.7 | High | 2026-02-27 |
| CVE-2026-28425 | Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs | cms | CWE-94 | 8.0 | High | 2026-02-27 |
| CVE-2026-28424 | Statamic's missing authorization allows access to email addresses | cms | CWE-862 | 6.5 | Medium | 2026-02-27 |
| CVE-2026-28423 | Statamic Vulnerable to Server-Side Request Forgery via Glide | cms | CWE-918 | 6.8 | Medium | 2026-02-27 |
| CVE-2026-27939 | Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass | cms | CWE-287 | 8.8 | High | 2026-02-27 |
| CVE-2026-27593 | Statamic is vulnerable to account takeover via password reset link injection | cms | CWE-640 | 9.3 | Critical | 2026-02-24 |
| CVE-2026-27196 | Statamic affected by privilege escalation via stored Cross-site Scripting | cms | CWE-79 | 8.1 | High | 2026-02-21 |
| CVE-2026-25759 | Statamic affected by privilege escalation via stored cross-site scripting | cms | CWE-79 | 8.7 | High | 2026-02-11 |
| CVE-2026-25633 | Statamic's missing authorization allows access to assets | cms | CWE-862 | 4.3 | Medium | 2026-02-11 |
| CVE-2025-64112 | Statamic vulnerable to Stored Cross-Site Scripting | cms | CWE-79 | 8.0 | High | 2025-10-30 |
| CVE-2024-52600 | Statamic CMS has Path Traversal in Asset Upload | cms | CWE-22 | 5.3 | Medium | 2024-11-19 |
| CVE-2024-36119 | Password confirmation stored in plain text via registration form in statamic/cms | cms | CWE-312 | 1.8 | Low | 2024-05-30 |
| CVE-2024-24570 | Statamic account takeover via XSS and password reset link | cms | CWE-79 | 8.2 | High | 2024-02-01 |
| CVE-2023-48701 | Statamic CMS vulnerable to Cross-site Scripting via uploaded assets | cms | CWE-79 | 7.5 | High | 2023-11-21 |
| CVE-2023-48217 | Remote code execution via form uploads in statamic/cms | cms | CWE-94 | 8.8 | High | 2023-11-14 |
| CVE-2023-47129 | Statamic CMS remote code execution via front-end form uploads | cms | CWE-434 | 8.4 | High | 2023-11-10 |
| CVE-2023-36828 | Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG | cms | CWE-79 | 5.5 | Medium | 2023-07-05 |
| CVE-2022-24784 | Discoverability of user password hash in Statamic CMS | cms | CWE-200 | 3.7 | Low | 2022-03-25 |

This page lists every published CVE security advisory associated with statamic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.