CVE-2026-49287 | Statamic CMS up to 5.73.22/6.19.x visitor-controlled externally-controlled input to select classes or code (GHSA-4jjr-vmv7-wh4w)
A vulnerability was found in Statamic CMS up to 5.73.22/6.19.x. It has been classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument visitor-controlled leads to use of externally-controlled input to select classes or code.
This vulnerability is documented as CVE-2026-49287. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is recommended.