CVE-2026-54244 in Statamic정보

요약

\~에 의해 MITRE • 2026. 07. 18.

Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A Control Panel user with view but not edit permission could therefore submit content they were not authorized to author and generate a shareable Live Preview URL rendering it. This issue is fixed in versions 5.74.0 and 6.20.3.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

GitHub M

예약하다

2026. 06. 12.

모더레이션

수락

항목

VDB-379961

EPSS

0.00000

활동

낮음

출처

Do you want to use VulDB in your project?

Use the official API to access entries easily!