Security Advisories - PKSA-74j5-mc2z-3jj1 - Packagist.org

PKSA-74j5-mc2z-3jj1 Security Advisory

[MEDIUM] Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields

PKSA-74j5-mc2z-3jj1 CVE-2026-33886 GHSA-gcqf-5x9f-hq7f

Affected package: statamic/cms

Affected version: >=6.5.0,<6.7.2|>=5.73.12,<5.73.16

Reported by:
GitHub