CVE Catalog

CVE-2026-49288

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

Statamic is a Laravel and Git powered content management system. Prior to versions 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, potentially exposing sensitive information.

Risk Assessment

The organization may be at risk of exposing confidential information such as titles, custom field values, and the existence of users, roles, and groups, which could lead to privacy breaches.

Recommendation

It is recommended to upgrade to versions 5.73.23 or 6.20.0 to eliminate this vulnerability and secure access to sensitive data.

Original NVD description (English source)

Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources. Depending on the resource, this could expose titles, custom field values, entry content, asset metadata, and the existence of users, roles, and groups. No data could be modified. This has been fixed in 5.73.23 and 6.20.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS