Description

Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they didn't request the reset. This has been fixed in 6.3.3 and 5.73.10.

INFO

Published Date :

2026-02-24T21:38:17.354Z

Last Modified :

2026-02-27T20:56:07.561Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27593 vulnerability.

Vendors Products
Statamic
  • Cms
  • Statamic
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27593.

URL Resource
https://github.com/statamic/cms/commit/6fdd03324982848e8754f2edd2265262d361714e cve-icon cve-icon
https://github.com/statamic/cms/commit/78e63dfcf705b116d5ac0f7f7f5a1a69be63d1be cve-icon cve-icon
https://github.com/statamic/cms/commit/b2be592ddfb588bcb88c9be454f3590e14b145b0 cve-icon cve-icon
https://github.com/statamic/cms/releases/tag/v5.73.10 cve-icon cve-icon
https://github.com/statamic/cms/releases/tag/v6.3.3 cve-icon cve-icon
https://github.com/statamic/cms/security/advisories/GHSA-jxq9-79vj-rgvw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact