CVE-2026-33882

MEDIUM6.5EPSS 0.11%

Statamic's Markdown preview endpoint exposes sensitive user data

發布日:2026/3/26修改日:2026/3/27

描述

### Impact The markdown preview endpoint could be manipulated to return augmented data from arbitrary fieldtypes. With the users fieldtype specifically, an authenticated control panel user could retrieve sensitive user data including email addresses, encrypted passkey data, and encrypted two-factor authentication codes. ### Patches This has been fixed in 5.73.16 and 6.7.2.

受影響套件(1)

Packagist/statamic/cmsfrom 0, < 5.73.16

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-33882
PATCHhttps://github.com/statamic/cms
WEBhttps://github.com/statamic/cms/security/advisories/GHSA-cvh3-23vq-w7h4