Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-49288

Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-200 Revelación de información
Fecha de publicación:
19/06/2026
Última modificación:
23/06/2026

Descripción

*** Pendiente de traducción *** Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources. Depending on the resource, this could expose titles, custom field values, entry content, asset metadata, and the existence of users, roles, and groups. No data could be modified. This has been fixed in 5.73.23 and 6.20.0.

Referencias a soluciones, herramientas e información