CVE-2026-33887 in Statamic CMSinfo

Zusammenfassung (Englisch)

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, regardless of whether they had the required collection permissions. This bypasses the authorization checks that the main entry controllers enforce, exposing entry field values and blueprint data. Users could also create entry revisions without edit permission, though this only snapshots the existing content state and does not affect published content. This has been fixed in 5.73.16 and 6.7.2.

Zuständig

GitHub_M

Reservieren

24.03.2026

Veröffentlichung

27.03.2026

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
354037	Statamic CMS Edit Permission erweiterte Rechte	862	Nicht definiert	Offizieller Fix	CVE-2026-33887

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!