{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T12:36:00.630","vulnerabilities":[{"cve":{"id":"CVE-2026-27939","sourceIdentifier":"security-advisories@github.com","published":"2026-02-27T22:16:22.993","lastModified":"2026-03-10T15:20:19.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Statmatic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. This has been fixed in 6.4.0."},{"lang":"es","value":"Statmatic es un sistema de gestión de contenido (CMS) impulsado por Laravel y Git. A partir de la versión 6.0.0 y antes de la versión 6.4.0, los usuarios autenticados del Panel de Control pueden, bajo ciertas condiciones, obtener privilegios elevados sin completar el paso de verificación previsto. Esto puede permitir el acceso a operaciones sensibles y, dependiendo de los permisos existentes del usuario, puede conducir a la escalada de privilegios. Esto ha sido corregido en la versión 6.4.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.4.0","matchCriteriaId":"FA6EDD8D-7679-4292-8F49-71B2B3ACEC87"}]}]}],"references":[{"url":"https://github.com/statamic/cms/commit/8639ef96217eaa682bc42e8a62769cb7c6a85d3a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/statamic/cms/security/advisories/GHSA-rw9x-pxqx-q789","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}