statamic/cms Security Advisories for v6.0.0-alpha.17 (3)
-
[HIGH] Statamic affected by privilege escalation via stored cross-site scripting
PKSA-vfrr-bp4n-314v CVE-2026-27196 GHSA-8r7r-f4gm-wcpq
Affected version: <5.73.9|>=6.0.0-alpha.1,<6.3.2
Reported by:
GitHub -
[HIGH] Statamic CMS vulnerable to privilege escalation via stored cross-site scripting
PKSA-fst8-xgkz-31tn CVE-2026-25759 GHSA-ff9r-ww9c-43x8
Affected version: >=6.0.0,<6.2.3
Reported by:
GitHub -
[MEDIUM] Statamic CMS's missing authorization allows access to assets
PKSA-nr63-r5tp-xby1 CVE-2026-25633 GHSA-gwmx-9gcj-332h
Affected version: >=6.0.0-alpha.1,<6.2.5|<5.73.6
Reported by:
GitHub