Statamic CMS Privilege Escalation Vulnerability

Vulnerability

A vulnerability in Statamic CMS versions 6.0.0 through 6.4.0 allows authenticated Control Panel users to gain elevated privileges under certain conditions, bypassing the required verification step. This could lead to unauthorized access to sensitive operations and, depending on the user's existing permissions, privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing users to gain elevated rights and access sensitive operations they would not normally be permitted to perform.

Reproduction

To reproduce this vulnerability, an authenticated user must access the Control Panel and navigate to a specific operation that requires elevated privileges. Under certain conditions, the user can bypass the verification step, leading to unauthorized access and potential privilege escalation.

Remediation

Users can upgrade to Statamic CMS version 6.4.0 or later to address this vulnerability.

Added: Feb 27, 2026, 10:31 PM
Updated: Feb 27, 2026, 10:31 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 6.4
remediation: 7.7
relevance: 3.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.