statamic/cms Security Advisories for v4.53.0 (3)
-
[MEDIUM] Statamic CMS's missing authorization allows access to assets
PKSA-nr63-r5tp-xby1 CVE-2026-25633 GHSA-gwmx-9gcj-332h
Affected version: >=6.0.0-alpha.1,<6.2.5|<5.73.6
Reported by:
GitHub -
[HIGH] Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation
PKSA-mmp9-wb2h-d8gy CVE-2025-64112 GHSA-g59r-24g3-h7cm
Affected version: <=5.22.0
Reported by:
GitHub -
[MEDIUM] Statamic CMS has a Path Traversal in Asset Upload
PKSA-8gf5-xvpy-gbms CVE-2024-52600 GHSA-p7f6-8mcm-fwv3
Affected version: <=5.16.0
Reported by:
GitHub