LeakyCreds

CVE-2026-27939 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 2, 2026

Statamic - Broken Access Control

Published: February 27, 2026 | Updated: March 2, 2026 | Remote Exploitable

Overview

Statamic versions 6.0.0 up to, but not including, 6.4.0 contain a broken access control vulnerability caused by a missing verification step for authenticated Control Panel users, which lets attackers escalate privileges. Exploitation requires authenticated user access.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 1.2% (Probability of exploitation in next 30 days)

Impact

Authenticated users can escalate privileges, potentially gaining unauthorized access to sensitive operations.

Mitigation

Upgrade to version 6.4.0 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 28, 2026

🟠 CVE-2026-27939 - High (8.8) Statamic is a Laravel and Git powered content management system (CMS). Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27939/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-27939
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 1.2%
Social Posts: 1

CWE

  • CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.2% (Probability of exploitation in the next 30 days)