Platform: php
Component: statamic/cms
Fixed in: 5.73.17, 6.0.1, 5.73.16
CVE-2026-28425 is a Remote Code Execution (RCE) vulnerability impacting Statamic CMS versions up to 5.9.0. An authenticated control panel user with access to Antlers-enabled inputs can exploit this flaw to achieve remote code execution within the application's context. This can lead to a complete compromise of the system, potentially exposing sensitive data and disrupting service. A fix is available in version 5.73.16.
The impact of CVE-2026-28425 is significant due to the potential for full system compromise. An attacker exploiting this vulnerability could gain access to sensitive configuration files, modify or exfiltrate data stored within the Statamic CMS, and even disrupt the availability of the application. The vulnerability hinges on the use of Antlers, Statamic’s templating engine, within user-controlled content fields. This means that if an attacker can create or modify content with Antlers enabled, they can inject malicious code that will be executed by the CMS. This is particularly concerning in environments where users have broad permissions to configure fields and edit entries.
CVE-2026-28425 was published on 2026-03-01. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. Given the RCE nature of the vulnerability and the potential for widespread impact, it is crucial to prioritize remediation. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Organizations using Statamic CMS with Antlers enabled, particularly those with multiple users who have permissions to configure fields and edit content, are at risk. Shared hosting environments where multiple users share the same Statamic CMS instance are also particularly vulnerable, as a compromised user could potentially impact other users on the same server.
• php: Examine Antlers-enabled content fields for suspicious code or unusual characters. Use grep to search for potentially malicious code snippets within content files.
• php: Review Statamic CMS logs for unusual activity or errors related to Antlers processing. Look for patterns indicative of code injection attempts.
• generic web: Monitor access logs for requests containing unusual Antlers syntax or parameters.
• generic web: Check response headers for unexpected content or code execution indicators.
Disclosure
Exploit status
EPSS: 0.14% (34th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-28425 is to upgrade Statamic CMS to version 5.73.16 or later. If immediate upgrading is not possible due to compatibility concerns or breaking changes, consider restricting access to Antlers-enabled inputs to only trusted users. Review and audit all Antlers configurations to ensure they adhere to security best practices. While a WAF might offer some protection, it's unlikely to be effective against this type of vulnerability without specific rules tailored to the Antlers templating engine. After upgrading, verify the fix by attempting to create or modify Antlers-enabled content and confirming that no malicious code is executed.
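A practical first step is to confirm which statamic/cms version a deployment actually ships, rather than relying on the version in composer.json. The script below is an added example written for this page, not code from Statamic or from the advisory: it reads a composer.lock, finds the statamic/cms entry and compares its version against the "fixed in" versions listed above. The mapping of 5.x releases to 5.73.16 and 6.x releases to 6.0.1 is an assumption drawn from that list, and the embedded composer.lock is a constructed sample; any other major version is reported as unknown rather than guessed.

```python
import json
import re

# Fixed-in versions as listed on this advisory page, keyed by major version.
# The 5.x -> 5.73.16 and 6.x -> 6.0.1 mapping is an assumption derived from the
# page's "Fixed in" list (5.73.16, 5.73.17, 6.0.1); other majors report "unknown".
FIXED_IN = {5: (5, 73, 16), 6: (6, 0, 1)}


def parse_version(text):
    """Turn 'v5.73.10' or '5.73.10' into a comparable tuple; None for dev/branch versions."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for a statamic/cms version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    fixed = FIXED_IN.get(version[0])
    if fixed is None:
        return "unknown"
    return "fixed" if version >= fixed else "vulnerable"


def find_statamic_version(lock_json):
    """Locate statamic/cms in composer.lock's 'packages' and 'packages-dev' lists."""
    for section in ("packages", "packages-dev"):
        for pkg in lock_json.get(section, []):
            if pkg.get("name") == "statamic/cms":
                return pkg.get("version")
    return None


def check_lockfile(lock_text):
    """Parse a composer.lock body and return (status, installed_version)."""
    data = json.loads(lock_text)
    version = find_statamic_version(data)
    if version is None:
        return ("not installed", None)
    return (assess(version), version)


# Constructed sample composer.lock (not taken from the page), trimmed to the fields used.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v11.0.0"},
        {"name": "statamic/cms", "version": "v5.73.10"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    status, version = check_lockfile(SAMPLE_LOCK)
    print(f"statamic/cms {version}: {status}")
```

Run it against a real lockfile with `check_lockfile(open("composer.lock").read())`; a result of "unknown" (for example a `dev-*` branch version) means the script cannot decide and the installed commit has to be checked by hand.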
Upgrade Statamic to version 5.73.16 or later, or to version 6.7.2 or later. This fixes the remote code execution vulnerability via Antlers-enabled inputs in the control panel. Also make sure that any add-on depending on Statamic is using a patched version.
CVE-2026-28425 is a Remote Code Execution vulnerability in Statamic CMS versions up to 5.9.0. It allows authenticated users with Antlers access to execute arbitrary code on the server.
You are affected if you are using Statamic CMS versions 5.9.0 or earlier and have users with access to Antlers-enabled inputs.
Upgrade Statamic CMS to version 5.73.16 or later. If upgrading is not immediately possible, restrict access to Antlers-enabled inputs.
As of now, there are no publicly known active exploitation campaigns, but the vulnerability's severity warrants immediate attention and remediation.
Refer to the official Statamic security advisory on their website for detailed information and updates: [https://statamic.com/security/advisories](https://statamic.com/security/advisories)