CVE-2026-49287 is a HIGH-severity vulnerability in Statamic CMS, with a CVSS score of 7.4. The issue is an incomplete fix for CVE-2026-41175, allowing for loss of content and assets by manipulating sort parameters in a front-end template. This requires a template explicitly set up to sort by a visitor-controlled value. The vulnerability was published on June 19, 2026, and affects Statamic CMS versions pri [truncated]
Statamic CMS versions prior to 5.73.22 and 6.18.1 contain a Server-Side Request Forgery (SSRF) vulnerability in the Glide image proxy component. The vulnerability exists because URL validation for the Glide image proxy did not properly normalize IP address representations before checking whether they resolve to public IP addresses. This validation bypass allows unauthenticated attackers to supply URLs tha [truncated]