CVE-2026-27939

{"id": "CVE-2026-27939", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-27T22:16:22.993", "references": [{"url": "https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a", "source": "[email protected]"}, {"url": "https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user\u2019s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0."}], "lastModified": "2026-03-02T20:30:10.923", "sourceIdentifier": "[email protected]"}