5.4

CVE-2026-33887

EPSS 0.02%
Veröffentlicht 27.03.2026 20:41:23
Zuletzt bearbeitet 08.04.2026 13:54:27
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and blueprint data. Users could also create entry revisions without edit permission, though this only snapshots the existing content state and does not affect published content. This has been fixed in 5.73.16 and 6.7.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Statamic ≫ Statamic Version < 5.73.16

Statamic ≫ Statamic Version >= 6.0.0 < 6.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/statamic/cms/security/advisories/GHSA-4hp7-3wxg-cv9q

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-33887

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33887

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33887

EUVD