PT-2026-28551 · Statamic · Statamic

Publicado

2026-03-26

Atualizado

2026-03-28

CVE-2026-33884

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2

Description An authenticated Control Panel user with access to live preview could use a live preview token to access restricted content that the token was not intended for. This issue affects the content management system (CMS) and potentially impacts users with access to the Control Panel and live preview functionality.

Recommendations Update to Statamic version 5.73.16 or later. Update to Statamic version 6.7.2 or later.

Exploit

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2026-33884

GHSA-8VWX-CCF6-5WG2

Produtos afetados

Statamic

PT-2026-28551 · Statamic · Statamic

CVE-2026-33884

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7