Statamic CMS Unauthorized Access to Entry Revisions Vulnerability

Vulnerability

A vulnerability in Statamic CMS prior to versions 5.73.16 and 6.7.2 allows any authenticated Control Panel user to access entry revisions for any collection with revisions enabled, without holding the permissions for that collection. The revision controllers did not enforce the authorization checks that the main entry controllers apply, so requests sent to the revision endpoints bypassed those checks entirely. As a result, a user without view permission on a collection could read entry field values and blueprint data from its revisions. A user without edit permission could also create entry revisions; this only captured the current content state and did not change published content.
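
The gap described above, modelled as an added example in Python (it is not Statamic's own PHP code): an entry action that calls the per-collection authorization check, beside revision actions that omit it, the corrected revision actions, and a small regression check that walks a route table as a user with no collection permissions and reports every action it can reach. The route names, the permission strings ("view <collection> entries", "edit <collection> entries") and the controller functions are assumptions made for the illustration, as is the sample entry data.

```python
# Added example: a Python model of the missing authorization check in the
# revision controllers. Not Statamic code; route names, permission strings
# and controller functions are assumptions that mirror the description.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a user lacks the permission a controller action requires."""


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)

    def can(self, ability: str, collection: str) -> bool:
        # Assumed permission naming, e.g. "view articles entries".
        return f"{ability} {collection} entries" in self.permissions


@dataclass
class Entry:
    id: str
    collection: str
    data: dict
    revisions: list = field(default_factory=list)


def authorize(user: User, ability: str, entry: Entry) -> None:
    """The per-collection check the entry controllers apply."""
    if not user.can(ability, entry.collection):
        raise Forbidden(f"{user.name} may not {ability} {entry.collection} entries")


# Entry controller: permission enforced.
def entry_show(user: User, entry: Entry) -> dict:
    authorize(user, "view", entry)
    return entry.data


# Revision controller, vulnerable: no authorize() call on either action.
def revisions_index_vulnerable(user: User, entry: Entry) -> list:
    # Returns field values of every revision to any Control Panel user.
    return list(entry.revisions)


def revision_store_vulnerable(user: User, entry: Entry, message: str) -> dict:
    # Any Control Panel user can add a revision; it only snapshots current content.
    revision = {"message": message, "author": user.name, "data": dict(entry.data)}
    entry.revisions.append(revision)
    return revision


# Revision controller, fixed: the same checks the entry controller applies.
def revisions_index_fixed(user: User, entry: Entry) -> list:
    authorize(user, "view", entry)
    return list(entry.revisions)


def revision_store_fixed(user: User, entry: Entry, message: str) -> dict:
    authorize(user, "edit", entry)
    revision = {"message": message, "author": user.name, "data": dict(entry.data)}
    entry.revisions.append(revision)
    return revision


def unprotected_actions(routes: dict, user: User, entry: Entry) -> list:
    """Names of actions the given user can reach without a Forbidden error.
    Walked with a user holding no collection permissions, a correct route
    table yields an empty list."""
    reachable = []
    for name, action in routes.items():
        try:
            action(user, entry)
        except Forbidden:
            continue
        reachable.append(name)
    return reachable


VULNERABLE_ROUTES = {
    "entries.show": entry_show,
    "revisions.index": revisions_index_vulnerable,
    "revisions.store": lambda u, e: revision_store_vulnerable(u, e, "snapshot"),
}

FIXED_ROUTES = {
    "entries.show": entry_show,
    "revisions.index": revisions_index_fixed,
    "revisions.store": lambda u, e: revision_store_fixed(u, e, "snapshot"),
}

# Constructed sample data: one entry in an "articles" collection with a saved
# revision, an editor holding that collection's permissions, and a Control
# Panel user holding none.
ARTICLE = Entry("a1", "articles", {"title": "Draft Q3 report", "body": "internal"},
                revisions=[{"message": "first", "author": "editor", "data": {"title": "Q3"}}])
EDITOR = User("editor", {"view articles entries", "edit articles entries"})
OUTSIDER = User("outsider", set())

if __name__ == "__main__":
    print("vulnerable:", unprotected_actions(VULNERABLE_ROUTES, OUTSIDER, ARTICLE))
    print("fixed:     ", unprotected_actions(FIXED_ROUTES, OUTSIDER, ARTICLE))
```

Run as a script, the vulnerable table reports revisions.index and revisions.store as reachable by the outsider while the fixed table reports nothing. The same walk belongs in a test suite: a new controller that forgets the check then fails the build rather than shipping.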

Impact

An authenticated Control Panel user who lacks permissions for a collection with revisions enabled can read that collection's entry revision data, including field values and blueprint information, and can create revisions of its entries. Created revisions only snapshot the current content and do not alter published content.

Remediation

Upgrade to Statamic CMS 5.73.16 or later on the 5.x branch, or 6.7.2 or later on the 6.x branch.

Added: Mar 27, 2026, 9:30 PM
Updated: Mar 27, 2026, 9:30 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.