[HIGH] Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass

PKSA-7n8y-6n2j-9v3z CVE-2026-27939 GHSA-rw9x-pxqx-q789

Affected package: statamic/cms

Affected version: >=6.0.0,<6.4.0

Reported by:
GitHub