Content Management System Vulnerability in Statamic by Statamic
CVE-2026-41175

8.1 HIGH

Key Information:

Vendor: Statamic

Status
Vendor
CVE Published: 22 April 2026

What is CVE-2026-41175?

Statamic CMS, a popular content management system built on Laravel, contains vulnerabilities that could allow unauthorized access to and manipulation of content, leading to potential loss of assets and user accounts. Users with minimal permissions, such as 'view entries' or 'view users', may be able to delete critical data. Additionally, the REST and GraphQL API endpoints, if enabled without authentication, are susceptible to exploitation without permission checks. Users should upgrade to version 5.73.20 or 6.13.0 to mitigate these risks.

Affected Version(s)

cms < 5.73.20

cms >= 6.0.0-alpha.1, < 6.13.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
