CVE-2026-28425 | Statamic CMS up to 5.73.10/6.3.x code injection (GHSA-cpv7-q2wx-m8rw)

February 28, 2026 Yanac

A vulnerability has been found in Statamic CMS up to 5.73.10/6.3.x and classified as critical. This issue affects some unknown processing. This manipulation causes code injection.

This vulnerability appears as CVE-2026-28425. The attack may be initiated remotely. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More

CVE-2026-27939 | Statamic CMS up to 6.3.x improper authentication (GHSA-rw9x-pxqx-q789)
CVE-2026-28418 | vim up to 9.2.0073 Emacs-Style Tags File Parser heap-based overflow (GHSA-h4mf-vg97-hj8j)