Product
statamic
29 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-41175
< 5.73.20
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query pa
8.1
HIGH
CVE-2026-33887
< 5.73.16
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control
5.4
MEDIUM
CVE-2026-33886
>= 5.73.12 and < 5.73.16
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 an
6.5
MEDIUM
CVE-2026-33885
< 5.73.16
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detec
6.1
MEDIUM
CVE-2026-33884
< 5.73.16
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated Contr
4.3
MEDIUM
CVE-2026-33883
< 5.73.16
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the `user:reset_passwo
6.1
MEDIUM
CVE-2026-33882
< 5.73.16
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown preview e
6.5
MEDIUM
CVE-2026-33177
< 5.73.14
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control
4.3
MEDIUM
CVE-2026-33172
< 5.73.14
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerabi
8.7
HIGH
CVE-2026-33171
< 5.73.14
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, authenticated Control
4.3
MEDIUM
CVE-2026-32612
>= 6.0.0 and < 6.6.2
Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode
5.4
MEDIUM
CVE-2026-28426
< 5.73.11
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, stored XSS vulnerabil
8.7
HIGH
CVE-2026-28425
< 5.73.11
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated cont
8.0
HIGH
CVE-2026-28424
< 5.73.11
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email addresses
6.5
MEDIUM
CVE-2026-28423
< 5.73.11
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, when Glide image mani
6.8
MEDIUM
CVE-2026-27939
>= 6.0.0 and < 6.4.0
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Auth
8.8
HIGH
CVE-2026-27593
< 5.73.10
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may lever
9.3
CRITICAL
CVE-2026-27196
< 5.73.9
Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 thr
8.1
HIGH
CVE-2026-25759
>= 6.0.0 and < 6.2.3
Statamic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in
8.7
HIGH
CVE-2026-25633
< 5.73.6
Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to vi
4.3
MEDIUM
CVE-2024-24570
< 3.4.17
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. Th
8.2
HIGH
CVE-2023-48701
< 3.4.15
Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted
7.5
HIGH
CVE-2023-48217
< 3.4.14
Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP fi
8.8
HIGH
CVE-2023-47129
< 3.4.13
Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with
8.3
HIGH
CVE-2023-36828
< 4.10.0
Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitiz
5.5
MEDIUM
CVE-2022-24784
< 3.2.39
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a use
3.7
LOW
CVE-2021-45364
<= 3.2.26
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates th
9.8
CRITICAL
CVE-2018-19598
all versions
Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request.
4.8
MEDIUM
CVE-2017-11422
< 2.6.0
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called.
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin