PT-2026-26205 · Packagist · Statamic Cms
Published: 2026-03-18 · Updated: 2026-03-18 · CVE-2026-33177
CVSS v3.1: 4.3 Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Impact
Low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint.
Patches
This has been fixed in 5.73.14 and 6.7.0.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Statamic Cms