CVE-2026-41175 | Statamic CMS up to 5.73.19/6.12.x REST API Endpoint externally-controlled input to select classes or code (GHSA-4jjr-vmv7-wh4w)

A vulnerability described as problematic has been identified in Statamic CMS up to 5.73.19/6.12.x. The affected element is an unknown function of the component REST API Endpoint. The manipulation results in use of externally-controlled input to select classes or code.

This vulnerability is reported as CVE-2026-41175. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More