Executive Summary

CVE-2026-33884 is a moderate severity vulnerability in the Statamic CMS affecting versions prior to 5.73.16 and 6.7.2. It allows an authenticated Control Panel user who has access to the live preview feature to misuse a live preview token to access restricted content entries that the token was not intended to authorize.

This vulnerability is due to an incorrect authorization weakness (CWE-863), where the system performs authorization checks but fails to enforce them correctly, leading to unauthorized content access.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows unauthorized access to restricted content by an authenticated Control Panel user using a live preview token bypass. Such unauthorized disclosure of confidential information can impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data.

Since the vulnerability affects confidentiality by permitting unauthorized read access to restricted content, it may lead to violations of privacy and data protection requirements mandated by these regulations.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability impacts the confidentiality of the system by allowing unauthorized read access to restricted content. An attacker with low privileges and network access can exploit this issue without user interaction.

However, it does not affect the integrity or availability of the system.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the statamic/cms package to version 5.73.16 or later, or 6.7.2 or later.

This update fixes the live preview token bypass that allowed unauthorized access to restricted content.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves an authenticated Control Panel user exploiting a live preview token to access restricted content. Detection would involve monitoring for unauthorized use of live preview tokens or unusual access patterns to restricted content via the Control Panel.

Since the vulnerability requires authentication and involves token misuse, detection commands could focus on inspecting logs for live preview token usage and verifying the version of the Statamic CMS installed.

• Check the Statamic CMS version to ensure it is 5.73.16 or later, or 6.7.2 or later, where the vulnerability is fixed.
• Review web server or application logs for unusual access patterns to restricted content endpoints, especially those involving live preview tokens.
• Example command to check Statamic version (run on the server hosting Statamic): php please --version
• Example command to search logs for live preview token usage (assuming Apache logs): grep 'live-preview-token' /var/log/apache2/access.log
• Monitor for authenticated Control Panel user activity accessing content entries beyond their authorization scope.

Useful 0 Not Useful 0