Statamic Open Redirect Vulnerability in Unauthenticated Endpoints

Vulnerability

An open redirect vulnerability has been identified in Statamic CMS versions prior to 5.73.16 and 6.7.2. The external URL detection used to validate redirect targets on unauthenticated endpoints could be bypassed, so a crafted redirect target was accepted as if it were internal. As a result, users could be redirected to external URLs after performing actions such as form submissions and authentication flows.
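To show the class of check at issue, the following is an added PHP example and not Statamic's code: a hypothetical naive "is this external?" test placed beside a stricter same-origin validator. The function names, the constructed targets and the application host `app.example` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical naive check (constructed for this example): anything that does not
// start with "http://" or "https://" is treated as a local redirect. Browser-
// interpreted forms such as "//evil.example" or "/\evil.example" pass this test.
function isLocalRedirectNaive(string $target): bool
{
    return !preg_match('#^https?://#i', $target);
}

// Stricter check: accept a relative path beginning with exactly one "/", or an
// absolute http(s) URL whose host is exactly the application's own host.
function isLocalRedirectStrict(string $target, string $appHost): bool
{
    // Reject empty targets and any control/whitespace characters that parsers
    // and browsers may interpret differently.
    if ($target === '' || preg_match('/[\x00-\x20\x7f]/', $target)) {
        return false;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return false;
    }
    // Anything carrying a scheme, host or credentials is an absolute URL:
    // allow it only for http(s) to our own host.
    if (isset($parts['scheme']) || isset($parts['host']) || isset($parts['user']) || isset($parts['pass'])) {
        $scheme = strtolower($parts['scheme'] ?? '');
        $host   = strtolower($parts['host'] ?? '');
        return in_array($scheme, ['http', 'https'], true) && $host === strtolower($appHost);
    }
    // Relative target: one leading "/" not followed by "/" or "\", since both
    // "//host" and "/\host" are treated as protocol-relative URLs by browsers.
    return (bool) preg_match('#^/(?![/\\\\])#', $target);
}

// Constructed sample targets, comparing the two checks side by side.
$samples = [
    '/dashboard',
    '//evil.example/phish',
    '/\\evil.example/phish',
    'https://app.example/account',
    'https://app.example.evil.example/',
    'https://app.example@evil.example/',
    'javascript:alert(1)',
];
foreach ($samples as $t) {
    printf("%-40s naive=%s strict=%s\n", $t,
        isLocalRedirectNaive($t) ? 'allow' : 'deny',
        isLocalRedirectStrict($t, 'app.example') ? 'allow' : 'deny');
}
```

Only the first and fourth samples should be allowed by the strict check; the naive check also allows the protocol-relative and `javascript:` forms.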

Impact

Exploitation of this vulnerability allows an attacker to send users who complete one of the affected flows to an external URL of the attacker's choosing, which can facilitate phishing or other malicious activity that relies on the trusted origin of the initial link.

Remediation

Users can upgrade to Statamic CMS versions 5.73.16 or 6.7.2 to address this vulnerability.

Added: Mar 27, 2026, 9:30 PM
Updated: Mar 27, 2026, 9:30 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.2
exploitability: 6.4
remediation: 7.7
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.