Statamic CMS Vulnerability Allows Data Deletion via API Manipulation
The National Vulnerability Database has detailed CVE-2026-41175, a high-severity vulnerability (CVSS 8.1) affecting Statamic, a Laravel and Git-powered CMS. This flaw allows attackers to manipulate query parameters or GraphQL arguments to delete content, assets, and user accounts. The vulnerability exists in versions prior to 5.73.20 and 6.13.0.
Exploitation through the Control Panel requires only minimal privileges: a user holding just the ‘view entries’ permission, for example, can delete entries. More critically, if the REST or GraphQL API has been explicitly enabled without authentication and with the relevant resources exposed, the flaw can be exploited without any permissions at all. This is a significant concern, as an unauthenticated attacker could wipe critical data.
Defenders using Statamic must prioritize patching to 5.73.20 or 6.13.0 (whichever matches the installed major release) immediately. Organizations that have enabled the REST or GraphQL API without authentication should treat this as a critical priority, as their attack surface is dramatically increased. This isn’t just about data modification; it’s about complete data loss, which can cripple operations.
What This Means For You
- If your organization uses Statamic, check your version immediately. If you're running anything prior to 5.73.20 or 6.13.0, patch it. Critically, if you've enabled Statamic's REST or GraphQL APIs without authentication, you are exposed to unauthenticated data deletion. Audit those configurations now and disable them unless they are absolutely necessary; where they are, put proper authentication in place. This is a direct path to data destruction.
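A triage helper a defender could run against a Statamic install, written as an added example (not Statamic's or the advisory's code): it applies the advisory's two fixed versions branch by branch to the version recorded in composer.lock and reports which API toggles the .env file switches on. The Composer package name statamic/cms and the STATAMIC_API_ENABLED / STATAMIC_GRAPHQL_ENABLED variable names are assumptions, and whether an enabled API is actually reachable without authentication still has to be confirmed in the API configuration.

```python
import json
import re

FIXED = {5: (5, 73, 20), 6: (6, 13, 0)}  # fixed release per major branch, from the advisory
# ASSUMED .env names for the REST and GraphQL API toggles (not taken from the advisory).
API_TOGGLES = ("STATAMIC_API_ENABLED", "STATAMIC_GRAPHQL_ENABLED")


def parse_version(text):
    """Turn 'v5.73.19' or '6.12.3' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True if older than the fix for its own branch, None if the advisory does not cover
    that branch. 5.x is fixed only by 5.73.20, 6.x only by 6.13.0; <5 predates both."""
    v = parse_version(version)
    if v[0] < 5:
        return True
    fixed = FIXED.get(v[0])
    return None if fixed is None else v < fixed


def installed_statamic_version(composer_lock_json):
    """Read the installed version of the statamic/cms package out of composer.lock."""
    for pkg in json.loads(composer_lock_json).get("packages", []):
        if pkg.get("name") == "statamic/cms":
            return pkg["version"]
    return None


def enabled_api_toggles(env_text):
    """Return the API toggles that the .env file switches on (truthy values only)."""
    enabled = []
    for line in env_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key in API_TOGGLES and value.strip().strip("\"'").lower() in ("true", "1", "yes", "on"):
            enabled.append(key)
    return enabled


def triage(composer_lock_json, env_text):
    # An enabled API on a vulnerable version is the critical combination.
    version = installed_statamic_version(composer_lock_json)
    return {"version": version, "apis_enabled": enabled_api_toggles(env_text),
            "vulnerable": None if version is None else is_vulnerable(version)}


# Constructed sample inputs standing in for a real composer.lock and .env.
SAMPLE_LOCK = json.dumps({"packages": [{"name": "laravel/framework", "version": "v11.30.0"},
                                       {"name": "statamic/cms", "version": "v5.73.19"}]})
SAMPLE_ENV = "APP_ENV=production\nSTATAMIC_API_ENABLED=true\nSTATAMIC_GRAPHQL_ENABLED=false\n"
```

Running `triage(SAMPLE_LOCK, SAMPLE_ENV)` on the constructed inputs reports a vulnerable 5.73.19 install with the REST API toggle switched on, the combination the advisory flags as critical.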
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41175 | Affected Version | Statamic CMS versions prior to 5.73.20 |
| CVE-2026-41175 | Affected Version | Statamic CMS versions prior to 6.13.0 |
| CVE-2026-41175 | Auth Bypass | Manipulating query parameters on Statamic Control Panel endpoints |
| CVE-2026-41175 | Auth Bypass | Manipulating query parameters on Statamic REST API endpoints (if enabled without authentication) |
| CVE-2026-41175 | Auth Bypass | Manipulating arguments in Statamic GraphQL queries (if enabled without authentication) |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.