Security: statamic/cms
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Stored XSS via SVG Sanitization BypassGHSA-7rcv-55mj-chg7 published
Mar 17, 2026 by jasonvargaHigh -
Privilege escalation via stored cross-site scriptingGHSA-hcch-w73c-jp4m published
Mar 12, 2026 by jasonvargaModerate -
Privilege escalation via stored cross-site scriptingGHSA-5vrj-wf7v-5wr7 published
Feb 27, 2026 by jasonvargaHigh -
Missing authorization allows access to email addressesGHSA-w878-f8c6-7r63 published
Feb 27, 2026 by jasonvargaModerate -
Remote code execution via Antlers-enabled control panel inputsGHSA-cpv7-q2wx-m8rw published
Feb 27, 2026 by jasonvargaHigh -
Server-Side Request Forgery via GlideGHSA-cwpp-325q-2cvp published
Feb 27, 2026 by jasonvargaModerate -
Privilege escalation via elevated session bypassGHSA-rw9x-pxqx-q789 published
Feb 27, 2026 by jasonvargaHigh -
Account takeover via password reset link injectionGHSA-jxq9-79vj-rgvw published
Feb 23, 2026 by jasonvargaCritical -
Privilege escalation via stored cross-site scriptingGHSA-8r7r-f4gm-wcpq published
Feb 18, 2026 by jasonvargaHigh -
Privilege escalation via stored cross-site scriptingGHSA-ff9r-ww9c-43x8 published
Feb 11, 2026 by jasonvargaHigh