Vulnerability Details CVE-2026-33177
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, low-privileged Control Panel users could create taxonomy terms by submitting requests to the field action processing endpoint with attacker-controlled field definitions. This bypasses the authorization checks enforced on the standard taxonomy term creation endpoint. This has been fixed in 5.73.14 and 6.7.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.9%
CVSS Severity
CVSS v3 Score 4.3