CVE-2026-27196 - Statamic affected by privilege escalation via stored Cross-site Scripting

CVE ID : CVE-2026-27196 Published : Feb. 21, 2026, 5:17 a.m. | 1 hour, 51 minutes ago Description : Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This issue has been fixed in 6.3.2 and 5.73.9. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...