Statamic Taxonomy Term Creation Authorization Bypass Vulnerability

Vulnerability

An authorization bypass vulnerability has been identified in Statamic CMS versions prior to 5.73.14 and 6.7.0. A low-privileged Control Panel user could send requests to the field action processing endpoint carrying crafted (client-supplied) field definitions. That endpoint performed term creation without the authorization checks that are normally enforced on the standard taxonomy term creation endpoint, so the user could create taxonomy terms they were not permitted to create. The underlying flaw is the classic one of two routes to the same privileged side effect where only one of them consults the policy.
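The pattern the advisory describes, shown as an added, hypothetical model written for this page. It is not Statamic's code: the route names, the "terms" field type, the permission strings and the in-memory term store are all assumptions. The vulnerable handler dispatches on a client-supplied field definition and creates terms without consulting the policy; the hardened handler routes every term creation through the same check the primary endpoint uses.

```python
# Hypothetical model of the bypass pattern (not Statamic's code).
# Names, permission strings and the "terms" field type are assumptions.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the authorization policy denies the request."""


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)

    def can(self, permission: str) -> bool:
        return permission in self.permissions


@dataclass
class TermStore:
    """In-memory stand-in for taxonomy term storage (constructed for the example)."""
    terms: dict = field(default_factory=dict)

    def create(self, taxonomy: str, slug: str) -> None:
        self.terms.setdefault(taxonomy, []).append(slug)


def authorize_term_creation(user: User, taxonomy: str) -> None:
    """Single policy check; the permission string is a hypothetical one."""
    if not user.can(f"create {taxonomy} terms"):
        raise Forbidden(f"{user.name} may not create terms in {taxonomy}")


def create_term_endpoint(user: User, store: TermStore, taxonomy: str, slug: str) -> None:
    """Standard term-creation route: the policy is enforced here."""
    authorize_term_creation(user, taxonomy)
    store.create(taxonomy, slug)


def run_field_action_vulnerable(user: User, store: TermStore, field_definition: dict, values: list) -> None:
    """Field-action route in the flawed shape: the client supplies the field
    definition, the handler dispatches on it and performs the same side effect
    as create_term_endpoint, but never consults the policy."""
    if field_definition.get("type") != "terms":
        raise ValueError("only the hypothetical 'terms' field type is modelled")
    taxonomy = field_definition["taxonomy"]      # attacker-controlled
    for slug in values:
        store.create(taxonomy, slug)             # privileged effect, no check


def run_field_action_fixed(user: User, store: TermStore, field_definition: dict, values: list) -> None:
    """Hardened route: every path that creates a term passes through the same
    policy check as the primary endpoint."""
    if field_definition.get("type") != "terms":
        raise ValueError("only the hypothetical 'terms' field type is modelled")
    taxonomy = field_definition["taxonomy"]
    authorize_term_creation(user, taxonomy)      # same gate as the primary route
    for slug in values:
        store.create(taxonomy, slug)


def attempt(handler, user: User) -> tuple:
    """Drive one handler with a crafted field definition.
    Returns (request succeeded, terms now present in the target taxonomy)."""
    store = TermStore()
    crafted = {"type": "terms", "taxonomy": "tags"}   # client-controlled definition
    try:
        handler(user, store, crafted, ["injected-term"])
        return True, store.terms.get("tags", [])
    except Forbidden:
        return False, store.terms.get("tags", [])


# Constructed users: one with Control Panel access only, one allowed to create tags.
LOW_PRIV = User("contributor", permissions={"access cp"})
EDITOR = User("editor", permissions={"access cp", "create tags terms"})

if __name__ == "__main__":
    print("vulnerable:", attempt(run_field_action_vulnerable, LOW_PRIV))  # (True, ['injected-term'])
    print("fixed:     ", attempt(run_field_action_fixed, LOW_PRIV))       # (False, [])
    print("editor:    ", attempt(run_field_action_fixed, EDITOR))         # (True, ['injected-term'])
```

The check a reviewer would apply to any similar codebase: enumerate every handler that can reach the term-creation call and confirm each one invokes the same authorization function as the primary route, rather than trusting the shape of a request body to imply permission.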

Impact

A low-privileged Control Panel user could create taxonomy terms they were not authorized to create, because the field action processing endpoint performed the creation without the permission check enforced on the standard taxonomy term creation endpoint. The effect is limited to unauthorized term creation; the advisory describes no other impact.

Remediation

Upgrade to Statamic CMS 5.73.14 (5.x line) or 6.7.0 (6.x line). The installed version can be checked with `composer show statamic/cms` in the project directory.

Added: Mar 20, 2026, 10:21 PM
Updated: Mar 20, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 4.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.