← Back

CVE-2026-33177

nvd nist
Published: Mar 20, 2026Modified: Mar 23, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: security-advisories@github.com (Secondary)

Description

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. This has been fixed in 5.73.14 and 6.7.0.

Affected (2)

Products: Statamic: Statamic
Statamic
1 product
Statamic
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Statamic
Statamic
Before 5.73.14
Statamic
From 6.0.0 to 6.7.0

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.