8.8
Statamic CMS: Elevated Privileges for Control Panel Users
CVE-2026-27939
GHSA-rw9x-pxqx-q789
Summary
Statamic CMS users with control panel access may gain extra permissions in certain situations. This could let them access sensitive areas they shouldn't. Update to version 6.4.0 to fix this issue.
What to do
- Update statamic cms to version 6.4.0.
- Update statamic statamic/cms to version 6.4.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| statamic | cms | > 6.0.0 , <= 6.4.0 | 6.4.0 |
| statamic | statamic/cms | > 6.0.0 , <= 6.4.0 | 6.4.0 |
| statamic | statamic | > 6.0.0 , <= 6.4.0 | – |
Original title
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain e...
Original description
Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.
nvd CVSS3.1
8.8
Vulnerability type
CWE-287
Improper Authentication
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026