Statamic CMS Server-Side Request Forgery Vulnerability in Glide Image Manipulation

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Statamic CMS versions prior to 5.73.11 and 6.4.0. When the Glide image manipulation feature is used in insecure mode (manipulation URLs are accepted without a signature), an unauthenticated user can abuse the image proxy to make the server issue HTTP requests to arbitrary URLs. Because those requests originate from the server, they can reach internal services, cloud metadata endpoints, and any other host the server can route to.

Impact

Successful exploitation lets an attacker make the vulnerable server send requests to internal or external URLs of their choosing, without authenticating. This exposes services that are only reachable from the server's network position, potentially including sensitive information or administrative endpoints, and lets the attacker use the server as a proxy for requests that would otherwise be blocked.

Remediation

Upgrade to Statamic CMS 5.73.11 (5.x line) or 6.4.0 (6.x line). Until the upgrade is applied, do not run the Glide image manipulation feature in insecure mode, since the vulnerability is only reachable in that configuration.
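The following config fragment is an added example, not part of the advisory and not Statamic's own shipped configuration, showing the weak setting beside the hardened one as a compensating control while the upgrade is scheduled. It assumes the documented Statamic setting `image_manipulation.secure` in `config/statamic/assets.php`; confirm the key names against your installed version.

```php
<?php
// config/statamic/assets.php (added example; key names are an assumption based on
// Statamic's documented image-manipulation settings, not copied from the advisory).

return [
    'image_manipulation' => [
        // Route prefix under which Glide serves manipulated images (assumed default).
        'route' => 'img',

        // Weak setting: unsigned manipulation URLs are accepted. Any unauthenticated
        // visitor can construct a manipulation URL, which is the "insecure mode"
        // the advisory refers to.
        // 'secure' => false,

        // Hardened setting: every manipulation URL must carry a valid signature, so
        // only URLs generated by the application itself are honoured and a visitor
        // cannot hand-craft one. This reduces exposure but does not replace the fix;
        // upgrade to 5.73.11 or 6.4.0 as the advisory states.
        'secure' => true,
    ],
];
```

After changing the value, clear any cached configuration (`php artisan config:clear`) and check that your templates generate image URLs through Statamic's own helpers, since any hard-coded or previously cached unsigned `/img/...` URLs will stop resolving once signatures are required.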

Added: Feb 28, 2026, 12:28 AM
Updated: Feb 28, 2026, 12:28 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 7.7
remediation: 7.7
relevance: 3.3
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.