VYPR
Medium severity · 6.1 · NVD Advisory · Published Mar 27, 2026 · Updated Apr 8, 2026

CVE-2026-33885

Description

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions and authentication flows. This has been fixed in 5.73.16 and 6.7.2.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| statamic/cms (Packagist) | < 5.73.16 | 5.73.16 |
| statamic/cms (Packagist) | >= 6.0.0.alpha.1, < 6.7.2 | 6.7.2 |
