GHSA-m92m-r54r-x8r2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m92m-r54r-x8r2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-m92m-r54r-x8r2/GHSA-m92m-r54r-x8r2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m92m-r54r-x8r2
- Aliases
-
- CVE-2026-49287
- Published
- 2026-06-26T22:15:47Z
- Modified
- 2026-06-26T22:30:08.446517270Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- Statamic CMS's unsafe method invocation via collection sorting allows data destruction
- Details
-
Impact
The fix for GHSA-4jjr-vmv7-wh4w was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets.
This requires a front-end template that passes request input into a tag's sort parameter. It is not exploitable by default — a template would need to be explicitly set up to sort by a visitor-controlled value.
Patches
This has been fixed in 5.73.23 and 6.20.0.
- Database specific
{ "nvd_published_at": "2026-06-19T18:16:19Z", "cwe_ids": [ "CWE-470" ], "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2026-06-26T22:15:47Z" }- References
Affected packages
Packagist / statamic/cms
Package
- Name
- statamic/cms
- Purl
- pkg:composer/statamic%2Fcms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.73.23
Affected versions
v3.*
v3.0.0-beta.1
v3.0.0-beta.2
v3.0.0-beta.3
v3.0.0-beta.4
v3.0.0-beta.5
v3.0.0-beta.6
v3.0.0-beta.7
v3.0.0-beta.8
v3.0.0-beta.9
v3.0.0-beta.10
v3.0.0-beta.11
v3.0.0-beta.12
v3.0.0-beta.13
v3.0.0-beta.14
v3.0.0-beta.15
v3.0.0-beta.16
v3.0.0-beta.17
v3.0.0-beta.18
v3.0.0-beta.19
v3.0.0-beta.20
v3.0.0-beta.21
v3.0.0-beta.22
v3.0.0-beta.23
v3.0.0-beta.24
v3.0.0-beta.25
v3.0.0-beta.26
v3.0.0-beta.27
v3.0.0-beta.28
v3.0.0-beta.29
v3.0.0-beta.30
v3.0.0-beta.31
v3.0.0-beta.32
v3.0.0-beta.33
v3.0.0-beta.34
v3.0.0-beta.35
v3.0.0-beta.36
v3.0.0-beta.37
v3.0.0-beta.38
v3.0.0-beta.39
v3.0.0-beta.40
v3.0.0-beta.41
v3.0.0-beta.42
v3.0.0-beta.43
v3.0.0-beta.44
v3.0.0-beta.45
v3.0.0-beta.46
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.0.10
v3.0.11
v3.0.12
v3.0.13
v3.0.14
v3.0.15
v3.0.16
v3.0.17
v3.0.18
v3.0.19
v3.0.20
v3.0.21
v3.0.22
v3.0.23
v3.0.24
v3.0.25
v3.0.26
v3.0.27
v3.0.28
v3.0.29
v3.0.30
v3.0.31
v3.0.32
v3.0.33
v3.0.34
v3.0.35
v3.0.35.1
v3.0.36
v3.0.36.1
v3.0.37
v3.0.38
v3.0.39
v3.0.40
v3.0.41
v3.0.42
v3.0.43
v3.0.44
v3.0.45
v3.0.46
v3.0.47
v3.0.48
v3.0.49
v3.1.0-alpha.1
v3.1.0-alpha.2
v3.1.0-alpha.3
v3.1.0-alpha.4
v3.1.0-beta.1
v3.1.0-beta.2
v3.1.0-beta.3
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.14
v3.1.15
v3.1.16
v3.1.17
v3.1.18
v3.1.19
v3.1.20
v3.1.21
v3.1.22
v3.1.23
v3.1.24
v3.1.25
v3.1.26
v3.1.27
v3.1.28
v3.1.29
v3.1.30
v3.1.31
v3.1.32
v3.1.33
v3.1.34
v3.1.35
v3.2.0-beta.1
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.2.10
v3.2.11
v3.2.12
v3.2.13
v3.2.14
v3.2.15
v3.2.16
v3.2.17
v3.2.18
v3.2.19
v3.2.20
v3.2.21
v3.2.22
v3.2.23
v3.2.24
v3.2.25
v3.2.26
v3.2.27
v3.2.28
v3.2.29
v3.2.30
v3.2.31
v3.2.32
v3.2.33
v3.2.34
v3.2.35
v3.2.36
v3.2.37
v3.2.38
v3.2.39
v3.3.0-beta.1
v3.3.0-beta.2
v3.3.0-beta.3
v3.3.0-beta.4
v3.3.0-beta.5
v3.3.0-beta.6
v3.3.0-beta.7
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.14
v3.3.15
v3.3.16
v3.3.17
v3.3.18
v3.3.19
v3.3.20
v3.3.21
v3.3.22
v3.3.23
v3.3.24
v3.3.25
v3.3.26
v3.3.27
v3.3.28
v3.3.29
v3.3.30
v3.3.31
v3.3.32
v3.3.33
v3.3.34
v3.3.35
v3.3.36
v3.3.37
v3.3.38
v3.3.39
v3.3.40
v3.3.41
v3.3.42
v3.3.43
v3.3.44
v3.3.45
v3.3.46
v3.3.47
v3.3.48
v3.3.49
v3.3.50
v3.3.51
v3.3.52
v3.3.53
v3.3.54
v3.3.55
v3.3.56
v3.3.57
v3.3.58
v3.3.59
v3.3.60
v3.3.61
v3.3.62
v3.3.63
v3.3.64
v3.3.65
v3.3.66
v3.3.67
v3.3.68
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.4.10
v3.4.11
v3.4.12
v3.4.13
v3.4.14
v3.4.15
v3.4.16
v3.4.17
v4.*
v4.0.0-alpha.1
v4.0.0-alpha.2
v4.0.0-alpha.3
v4.0.0-alpha.4
v4.0.0-alpha.5
v4.0.0-beta.1
v4.0.0-beta.2
v4.0.0-beta.3
v4.0.0-beta.4
v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0
v4.3.0
v4.4.0
v4.5.0
v4.6.0
v4.7.0
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.10.0
v4.10.1
v4.10.2
v4.11.0
v4.12.0
v4.13.0
v4.13.1
v4.13.2
v4.14.0
v4.15.0
v4.16.0
v4.17.0
v4.18.0
v4.19.0
v4.20.0
v4.21.0
v4.22.0
v4.23.0
v4.23.1
v4.23.2
v4.24.0
v4.25.0
v4.26.0
v4.26.1
v4.27.0
v4.28.0
v4.29.0
v4.30.0
v4.31.0
v4.32.0
v4.33.0
v4.34.0
v4.35.0
v4.36.0
v4.37.0
v4.38.0
v4.39.0
v4.40.0
v4.41.0
v4.42.0
v4.42.1
v4.43.0
v4.44.0
v4.45.0
v4.46.0
v4.47.0
v4.48.0
v4.49.0
v4.50.0
v4.51.0
v4.52.0
v4.53.0
v4.53.1
v4.53.2
v4.54.0
v4.55.0
v4.56.0
v4.56.1
v4.57.0
v4.57.1
v4.57.2
v4.57.3
v4.58.0
v4.58.1
v4.58.2
v4.58.3
v5.*
v5.0.0-alpha.1
v5.0.0-alpha.2
v5.0.0-alpha.3
v5.0.0-alpha.4
v5.0.0-alpha.5
v5.0.0-alpha.6
v5.0.0-beta.1
v5.0.0-beta.2
v5.0.0-beta.3
v5.0.0-beta.4
v5.0.0
v5.0.1
v5.0.2
v5.1.0
v5.2.0
v5.3.0
v5.4.0
v5.5.0
v5.6.0
v5.6.1
v5.6.2
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.8.0
v5.9.0
v5.10.0
v5.11.0
v5.12.0
v5.13.0
v5.14.0
v5.15.0
v5.16.0
v5.17.0
v5.17.1
v5.18.0
v5.19.0
v5.20.0
v5.21.0
v5.22.0
v5.22.1
v5.23.0
v5.24.0
v5.25.0
v5.26.0
v5.27.0
v5.28.0
v5.29.0
v5.30.0
v5.31.0
v5.32.0
v5.33.0
v5.33.1
v5.34.0
v5.35.0
v5.36.0
v5.37.0
v5.38.0
v5.38.1
v5.39.0
v5.40.0
v5.41.0
v5.42.0
v5.42.1
v5.43.0
v5.43.1
v5.43.2
v5.44.0
v5.45.0
v5.45.1
v5.45.2
v5.46.0
v5.46.1
v5.47.0
v5.48.0
v5.48.1
v5.49.0
v5.49.1
v5.50.0
v5.51.0
v5.52.0
v5.53.0
v5.53.1
v5.54.0
v5.55.0
v5.56.0
v5.57.0
v5.58.0
v5.58.1
v5.59.0
v5.60.0
v5.61.0
v5.62.0
v5.63.0
v5.64.0
v5.65.0
v5.65.1
v5.65.2
v5.66.0
v5.67.0
v5.68.0
v5.69.0
v5.70.0
v5.71.0
v5.72.0
v5.73.0
v5.73.1
v5.73.2
v5.73.3
v5.73.4
v5.73.5
v5.73.6
v5.73.7
v5.73.8
v5.73.9
v5.73.10
v5.73.11
v5.73.12
v5.73.13
v5.73.14
v5.73.15
v5.73.16
v5.73.17
v5.73.18
v5.73.19
v5.73.20
v5.73.21
v5.73.22
Packagist / statamic/cms
Package
- Name
- statamic/cms
- Purl
- pkg:composer/statamic%2Fcms