{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T15:46:02.541","vulnerabilities":[{"cve":{"id":"CVE-2026-28424","sourceIdentifier":"security-advisories@github.com","published":"2026-02-27T23:16:05.447","lastModified":"2026-03-05T14:46:10.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the \"view users\" permission. This has been fixed in 5.73.11 and 6.4.0."},{"lang":"es","value":"Statmatic es un sistema de gestión de contenidos (CMS) impulsado por Laravel y Git. Antes de las versiones 5.73.11 y 6.4.0, las direcciones de correo electrónico de los usuarios se incluían en las respuestas del endpoint de datos del tipo de campo de usuario para los usuarios del panel de control que no tenían el permiso de 'ver usuarios'. Esto se ha corregido en las versiones 5.73.11 y 6.4.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*","versionEndExcluding":"5.73.11","matchCriteriaId":"6AA21E74-C3F2-4275-8DEE-DF4DFBF43788"},{"vulnerable":true,"criteria":"cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.4.0","matchCriteriaId":"FA6EDD8D-7679-4292-8F49-71B2B3ACEC87"}]}]}],"references":[{"url":"https://github.com/statamic/cms/releases/tag/v5.73.11","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/statamic/cms/releases/tag/v6.4.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/statamic/cms/security/advisories/GHSA-w878-f8c6-7r63","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}