PT-2026-28552 · Statamic · Statamic

Published

2026-03-26

Updated

2026-03-28

CVE-2026-33885

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2

Description The external URL detection used for redirect validation on unauthenticated endpoints could be bypassed. This allows users to be redirected to external URLs after actions like form submissions and authentication flows.

Recommendations Update to version 5.73.16 or later. Update to version 6.7.2 or later.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2026-33885

GHSA-7F74-7Q5W-HJ4R

Affected Products

Statamic

PT-2026-28552 · Statamic · Statamic

CVE-2026-33885

Weakness Enumeration

Related Identifiers

Affected Products

References · 7