PT-2026-25092 · Git+2 · Cms+2

Shirshaw64P · Published 2026-03-12 · Updated 2026-03-14 · CVE-2026-32612

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Statamic versions prior to 6.6.2

Description

Statamic is a Laravel and Git powered content management system (CMS). A stored cross-site scripting (XSS) issue exists in the control panel color mode preference. This allows authenticated users with control panel access to inject malicious JavaScript. The injected JavaScript executes when a higher-privileged user impersonates their account. The issue allows for potential privilege escalation.

Recommendations

Versions prior to 6.6.2 should be updated to version 6.6.2 or later.

Exploit

Fix

LPE

XSS

Weakness Enumeration

Related identifiers

CVE-2026-32612
GHSA-HCCH-W73C-JP4M

Affected products

Cms
Statamic
Statamic Cms