PT-2026-28553 · Statamic · Statamic

Published: 2026-03-26 · Updated: 2026-03-28 · CVE-2026-33886

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Statamic versions 5.7.12 through 5.73.15
Statamic versions 6.7.0 through 6.7.1

Description
A control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their content.

Recommendations
Update to Statamic version 5.73.16 or later.
Update to Statamic version 6.7.2 or later.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2026-33886
GHSA-GCQF-5X9F-HQ7F

Affected products

Statamic