Statamic CMS Asset Authorization Vulnerability Allowing Unauthorized Access to Asset Metadata

Vulnerability

A vulnerability in Statamic CMS versions prior to 5.73.6 and 6.2.5 allows control panel users who lack permission to view assets to download those assets and access their metadata. It does not affect logged-out users or users without control panel access.

Impact

Exploitation allows authenticated control panel users to access and download assets they do not have permission to view, along with the associated metadata.

Reproduction

To reproduce this vulnerability, a user must have a role that does not include permission to view assets. Once this is established, the user can request assets through the control panel, bypassing the intended authorization restrictions.

Remediation

Users can upgrade to Statamic CMS versions 5.73.6 or 6.2.5 to address this vulnerability.
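
To confirm whether a site still runs an affected release, the installed version can be read from composer.lock and compared with the fixed versions above. This is an added example, not code from Statamic or from this advisory; it assumes the Composer package name statamic/cms, that every release below 5.73.6 and every 6.x release below 6.2.5 is affected, and it runs on a constructed sample lock file.

```python
import json
import re

PACKAGE = "statamic/cms"   # assumed Composer package name; the advisory does not state it
FIXED_5X = (5, 73, 6)      # fixed releases named in the advisory
FIXED_6X = (6, 2, 5)

def parse_version(raw):
    """Return ((major, minor, patch), is_prerelease), or None for dev branches."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?", (raw or "").strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups()[:3]), m.group(4) is not None

def is_affected(raw):
    """True/False for a tagged release, None when the version cannot be compared."""
    parsed = parse_version(raw)
    if parsed is None:
        return None
    version, prerelease = parsed
    # Assumption: everything below 5.73.6 is affected, and 6.x below 6.2.5.
    fixed = FIXED_6X if version[0] >= 6 else FIXED_5X
    # A pre-release of the fixed version is treated as still affected.
    return version < fixed or (version == fixed and prerelease)

def check_lock(lock_text):
    """Return (installed_version, affected) for statamic/cms in composer.lock text."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name") == PACKAGE:
            return pkg.get("version"), is_affected(pkg.get("version"))
    return None, None

# Constructed sample lock file content, not taken from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v11.0.0"},
    {"name": "statamic/cms", "version": "v6.1.0"},
], "packages-dev": []})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of None for the affected flag means the lock file pins a dev branch or an unparseable version, which needs a manual check against the fixed releases.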

Added: Feb 11, 2026, 9:26 PM
Updated: Feb 11, 2026, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 2.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.