← voltar
CVE-2026-27939

Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass

CVSS 8.8 HIGHEPSS 0.4%CWE-287
Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
statamic · cms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3ahttps://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789