{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T12:08:48.439","vulnerabilities":[{"cve":{"id":"CVE-2026-33177","sourceIdentifier":"security-advisories@github.com","published":"2026-03-20T22:16:29.117","lastModified":"2026-03-23T18:45:27.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. This has been fixed in 5.73.14 and 6.7.0."},{"lang":"es","value":"Statamic es un sistema de gestión de contenido (CMS) impulsado por Laravel y Git. Antes de las versiones 5.73.14 y 6.7.0, los usuarios del Panel de Control con bajos privilegios podían crear términos de taxonomía enviando solicitudes al endpoint de procesamiento de acciones de campo con definiciones de campo controladas por el atacante. Esto elude las comprobaciones de autorización aplicadas en el endpoint estándar de creación de términos de taxonomía. Esto ha sido corregido en 5.73.14 y 6.7.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*","versionEndExcluding":"5.73.14","matchCriteriaId":"23CF5975-D5BE-4138-AE2F-95F7BBE00F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:statamic:statamic:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.7.0","matchCriteriaId":"6B99B257-0FC1-4CF9-B006-8AEC17235BC8"}]}]}],"references":[{"url":"https://github.com/statamic/cms/security/advisories/GHSA-wh3h-gvc4-cc2g","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}