CVE-2026-27939 · HIGH 8.8 · EPSS p30.3%

Description

Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.39% probability of exploitation · percentile 30.3% · 2026-06-18T12:00:27Z
Published: 2026-02-27
Last modified: 2026-03-10

Underlying weaknesses · 1

CWE-287

References

  1. https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a
  2. https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-25759
CVE-2026-27593
CVE-2025-64112
CVE-2026-28425
CVE-2026-28423
CVE-2026-41175

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.