LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-33172

CVE-2026-33172 - Vulnerability Analysis

HighCVSS: 8.7

Last Updated: March 20, 2026

Statamic - Stored XSS

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Statamic < 5.73.14 and < 6.7.0 contains a stored XSS vulnerability caused by improper SVG sanitization during asset reuploads, letting authenticated users with upload permissions inject malicious JavaScript, exploit requires asset upload permissions.

Severity & Score

Severity: High
CVSS Score: 8.7
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated users can inject malicious JavaScript that executes when SVG assets are viewed, leading to client-side script execution.

Mitigation

Update to version 5.73.14 or 6.7.0 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33172 - High (8.7) Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33172/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33172 - High (8.7) Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33172/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33172 - High (8.7) Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33172/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33172 - High (8.7) Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33172/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-33172
Severity
High
CVSS Score
8.7
Type
stored_xss
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS Score

0.0%Probability of exploitation in the next 30 days