statamic/cms Security Advisories for v6.0.0-alpha.11 (2)
-
[HIGH] Statamic CMS vulnerable to privilege escalation via stored cross-site scripting
PKSA-fst8-xgkz-31tn CVE-2026-25759 GHSA-ff9r-ww9c-43x8
Affected version: >=6.0.0,<6.2.3
Reported by:
GitHub -
[MEDIUM] Statamic CMS's missing authorization allows access to assets
PKSA-nr63-r5tp-xby1 CVE-2026-25633 GHSA-gwmx-9gcj-332h
Affected version: >=6.0.0-alpha.1,<6.2.5|<5.73.6
Reported by:
GitHub