CVE-2026-25759

Name of the Vulnerable Software and Affected Versions Statamic versions 6.0.0 through 6.2.2

Description Statamic is a Laravel and Git powered content management system (CMS). A stored cross-site scripting (XSS) issue exists in content titles, allowing authenticated users with content creation permissions to inject malicious JavaScript. This JavaScript executes when viewed by users with higher privileges. An attacker with content control panel access can exploit this to create super administrator accounts. The vulnerable component is the content title functionality. The affected API endpoint is not specified. The vulnerable parameter is not specified.

Recommendations Upgrade to version 6.2.3 or later.