ByteOS Network

NVD Vulnerability Details :

CVE-2026-27939

Received

Source-security-advisories@github.com

Published At-27 Feb, 2026 | 22:16

Updated At-27 Feb, 2026 | 22:16

Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	security-advisories@github.com

CWE ID: CWE-287

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a	security-advisories@github.com	N/A
https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789	security-advisories@github.com	N/A

Hyperlink: https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History