MEDIUM
statamic
CVE published 2026-05-29
CVE-2026-45660
Statamic CMS versions prior to 5.73.22 and 6.18.1 contain a Server-Side Request Forgery (SSRF) vulnerability in the Glide image proxy component. The vulnerability exists because URL validation for the Glide image proxy did not properly normalize IP address representations before checking whether they resolve to public IP addresses. This validation bypass allows unauthenticated attackers to supply URLs tha [truncated]