PT-2026-22406 · Statmatic · Statmatic
Mistz1 · Published 2026-02-27 · Updated 2026-03-10 · CVE-2026-27939
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Statmatic versions 6.0.0 through 6.3.9
Description
Statmatic is a Laravel and Git powered content management system (CMS). Authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and potentially lead to privilege escalation, depending on the user’s existing permissions.
Recommendations
Statmatic versions 6.0.0 through 6.3.9 should be updated to version 6.4.0.
Exploit
Fix
LPE
Improper Authentication
Affected Products
Statmatic