CVE-2026-27196: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in statamic cms
CVE-2026-27196 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability in Statamic CMS versions 5.73.8 and below, as well as 6.0.0-alpha.1 through 6.3.1. The flaw exists in the html fieldtypes, allowing authenticated users with field management permissions to inject malicious JavaScript code. This malicious script executes when viewed by users with higher privileges, potentially compromising confidentiality and integrity.
AI Analysis
Technical Summary
CVE-2026-27196 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting Statamic CMS, a Laravel and Git-powered content management system. The vulnerability resides in the html fieldtypes component, which improperly neutralizes input during web page generation. Authenticated users with field management permissions can inject malicious JavaScript code into these fields. When higher-privileged users view the compromised content, the injected script executes in their browsers, potentially allowing attackers to hijack sessions, steal sensitive data, or perform actions with elevated privileges. The vulnerability affects Statamic versions 5.73.8 and below, and 6.0.0-alpha.1 through 6.3.1. It has been remediated in versions 5.73.9 and 6.3.2. The CVSS v3.1 base score is 8.1, reflecting high severity due to network attack vector, low attack complexity, requirement of high privileges, and user interaction. The scope is changed as the attack can impact higher-privileged users beyond the initial attacker. No public exploits have been reported yet, but the vulnerability poses a significant risk in environments where multiple privilege levels exist and field management permissions are granted.
Potential Impact
The impact of CVE-2026-27196 is significant for organizations using affected Statamic CMS versions. Successful exploitation allows an attacker with field management permissions to execute arbitrary JavaScript in the context of higher-privileged users, potentially leading to session hijacking, credential theft, unauthorized actions, and data exfiltration. This undermines the confidentiality and integrity of the CMS and its managed content. Since the attack requires authentication but has low complexity, insider threats or compromised lower-privileged accounts could use it to reach privileges beyond their own. The vulnerability does not directly affect availability but can facilitate further attacks that might. Organizations relying on Statamic CMS for content management, especially those with complex user roles and sensitive data, face increased risk of privilege escalation and data breaches if unpatched.
Mitigation Recommendations
To mitigate CVE-2026-27196, organizations should immediately upgrade Statamic CMS to version 5.73.9 or later on the 5.x line, or 6.3.2 or later on the 6.x line, where the vulnerability is patched. Additionally, review and restrict field management permissions to only trusted users to reduce the attack surface. Implement Content Security Policy (CSP) headers to limit the impact of injected scripts. Conduct regular audits of CMS content fields for suspicious or unauthorized scripts. Employ web application firewalls (WAFs) with rules targeting XSS payloads in CMS inputs. Educate administrators and users about the risks of XSS and the importance of cautious content management. Finally, monitor logs for unusual activities related to field modifications and user privilege escalations.
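A defender-side check for the "audit CMS content fields for suspicious or unauthorized scripts" recommendation above, added here as an example; it is not code from Statamic or from this page's author. It assumes Statamic's default flat-file layout (Markdown entries with YAML front matter under content/collections/) and that the Markdown body maps to the entry's `content` field; the sample entry, its field handles and its values are constructed. It scans every field rather than only handles containing "html", because the vulnerable fieldtype can sit behind any field handle.

```python
"""Audit flat-file CMS entries for active-content markers in field values.

Added example, not Statamic's own code. Assumes entries are Markdown files with
'---'-delimited YAML front matter (Statamic's default flat-file layout); the
Markdown body is reported under the assumed field name "content".
"""
import re
from pathlib import Path

# Markers of active content. Deliberately broad: a hit is a review item for a
# human, not proof that a field was abused.
SUSPICIOUS_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript_uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "embedding_tag": re.compile(r"<\s*(iframe|object|embed)\b", re.IGNORECASE),
}

# A top-level YAML key starts at column 0; indented lines belong to the last key.
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z0-9_-]+)\s*:")

# Constructed sample entry: one field carries an inline event handler.
SAMPLE_ENTRY = """---
id: constructed-0001
title: Welcome page
blueprint: page
sidebar_html: |
  <div class="promo">Spring sale</div>
  <img src="x" onerror="void 0">
footer_html: '<p>Contact us at <a href="mailto:hello@example.com">hello@example.com</a></p>'
---
Plain body text with a harmless <em>emphasis</em> tag.
"""


def split_front_matter(text):
    """Return (front_matter_lines, body_lines) for a '---'-delimited entry."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return [], lines
    for end in range(1, len(lines)):
        if lines[end].strip() == "---":
            return lines[1:end], lines[end + 1:]
    return lines[1:], []  # unterminated front matter: treat it all as fields


def audit_entry(text, path="<in-memory>"):
    """Return one finding per (line, indicator) hit, tagged with the field name."""
    findings = []

    def check(field, line):
        for indicator, pattern in SUSPICIOUS_PATTERNS.items():
            if pattern.search(line):
                findings.append({"file": path, "field": field,
                                 "indicator": indicator, "snippet": line.strip()})

    front, body = split_front_matter(text)
    field = None
    for line in front:
        match = TOP_LEVEL_KEY.match(line)
        if match:
            field = match.group(1)
        check(field, line)
    for line in body:
        check("content", line)  # assumed mapping of the Markdown body
    return findings


def audit_directory(root):
    """Audit every *.md entry below root (e.g. content/collections/)."""
    findings = []
    for path in sorted(Path(root).rglob("*.md")):
        findings.extend(audit_entry(path.read_text(encoding="utf-8"), str(path)))
    return findings


if __name__ == "__main__":
    for hit in audit_entry(SAMPLE_ENTRY, "constructed.md"):
        print(f"{hit['file']}: field={hit['field']} {hit['indicator']}: {hit['snippet']}")
```

Run it against the real content directory with `audit_directory("content/collections")` from a scheduled job and diff the findings against the previous run; a new hit in a field that is not expected to hold markup is the signal worth routing to whoever reviews field changes.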
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Netherlands, France, Japan, India, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-18T19:47:02.154Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69993c53be58cf853b46cc2b
Added to database: 2/21/2026, 5:02:11 AM
Last enriched: 2/21/2026, 5:16:48 AM
Last updated: 2/21/2026, 7:10:29 AM