What is CVE-2026-33172 — XSS in Statamic CMS?

CVE-2026-33172 is a stored XSS vulnerability in Statamic CMS, allowing authenticated users to inject malicious JavaScript through SVG asset reuploads.

Am I affected by CVE-2026-33172 in Statamic CMS?

You are affected if you are using Statamic CMS versions 6.6.3 or earlier. Upgrade to version 6.7.0 to mitigate the risk.

How do I fix CVE-2026-33172 in Statamic CMS?

Upgrade Statamic CMS to version 6.7.0 or later. As a temporary workaround, restrict SVG uploads or implement stricter input validation.

Is CVE-2026-33172 being actively exploited?

There is currently no evidence of active exploitation, but the vulnerability's high severity warrants prompt remediation.

Where can I find the official Statamic advisory for CVE-2026-33172?

Please refer to the Statamic security advisory for detailed information and updates: [https://statamic.com/security/advisories](https://statamic.com/security/advisories)

CVE-2026-33172 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2026-33172 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• php / server:

find /var/www/statamic/assets -name '*.svg' -print0 | xargs -0 grep -i '<script' |

• php / server:

journalctl -u php-fpm -f | grep -i "SVG sanitization bypass"

• generic web: Check asset directories for suspicious SVG files with obfuscated JavaScript code. • generic web: Review access logs for requests containing SVG files with unusual parameters or user agents.

Statamic has Stored XSS via SVG Sanitization Bypass

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2026-33172 — XSS in Statamic CMS?

Am I affected by CVE-2026-33172 in Statamic CMS?

How do I fix CVE-2026-33172 in Statamic CMS?

Is CVE-2026-33172 being actively exploited?

Where can I find the official Statamic advisory for CVE-2026-33172?

Informações do pacote

Seu projeto está afetado?