Statamic CMS Markdown Preview Endpoint User Data Exposure Vulnerability

Vulnerability

A vulnerability exists in Statamic CMS versions prior to 5.73.16 and 6.7.2, where the markdown preview endpoint can be exploited to access sensitive data from various fieldtypes. Specifically, an authenticated user in the control panel could use the users fieldtype to obtain private information such as email addresses, encrypted passkey data, and encrypted two-factor authentication codes.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive user information, including email addresses and encrypted data related to authentication and account security.

Remediation

Users can upgrade to Statamic CMS versions 5.73.16 or 6.7.2 to address this vulnerability.
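
To confirm whether a given deployment is on a fixed release, the installed version can be read from the project's composer.lock. The following is an added example, not code from Statamic or from this advisory; it assumes the package is listed under the Composer name statamic/cms, treats every release below 5.73.16 (including older majors) as affected, and uses a constructed lock-file excerpt as sample input.

```python
import json
import re

# Fixed releases named in the advisory, keyed by major version.
FIXED = {5: (5, 73, 16), 6: (6, 7, 2)}


def parse_version(raw):
    """Return (major, minor, patch) for tags like 'v5.73.15', else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def classify(raw):
    """Map a version string to 'affected', 'patched' or 'unknown'."""
    v = parse_version(raw)
    if v is None:
        return "unknown"  # dev branches, aliases, pre-releases: verify by hand
    if v[0] >= 6:
        # 6.x is fixed in 6.7.2; assumption: any later major carries the fix.
        return "patched" if v >= FIXED[6] else "affected"
    # Assumption: everything below 5.73.16, older majors included, is affected.
    return "patched" if v >= FIXED[5] else "affected"


def check_lock(lock_text):
    """Return (version, status) for statamic/cms in composer.lock, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == "statamic/cms":
            version = pkg.get("version", "")
            return version, classify(version)
    return None  # Statamic is not a locked dependency of this project


# Constructed composer.lock excerpt, for illustration only.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v11.9.0"},
    {"name": "statamic/cms", "version": "v5.73.15"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

A result of "unknown" means the locked version is not a plain release tag and has to be checked manually against the fixed releases.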

Added: Mar 27, 2026, 9:31 PM
Updated: Mar 27, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.