Security Vulnerability Report
CVE-2026-33886 CVSS 6.5 MEDIUM

CVE-2026-33886

Published: 2026-03-27 21:17:25
Last Modified: 2026-04-08 14:04:00

Description

Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their content. This has been fixed in 5.73.16 and 6.7.2.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:* - VULNERABLE (Statamic CMS 5.7.12 - 5.73.16)
cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:* - VULNERABLE (Statamic CMS < 6.7.2)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
Antlers
<!-- Access application configuration key -->
{{ config:app.key }}
<!-- Access environment variable -->
{{ env:DB_DATABASE }}

References

https://github.com/statamic/cms/security/advisories/GHSA-gcqf-5x9f-hq7f (Vendor Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33886", "sourceIdentifier": "[email protected]", "published": "2026-03-27T21:17:25.490", "lastModified": "2026-04-08T14:04:00.420", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their content. This has been fixed in 5.73.16 and 6.7.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-200"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.73.12", "versionEndExcluding": "5.73.16", "matchCriteriaId": "92075754-9F2E-48BB-BDC1-633959995B8E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.0", "versionEndExcluding": "6.7.2", "matchCriteriaId": "00951847-F802-497B-AE90-7E9C19A95566"}]}]}], "references": [{"url": "https://github.com/statamic/cms/security/advisories/GHSA-gcqf-5x9f-hq7f", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}