CVE-2026-54242
MEDIUM
4.9
CVSS 3.1
Description
Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly routable, but resolved again when the image was actually fetched, so an attacker controlling the hostname's DNS could rebind it to an internal address after validation and cause the server to make HTTP requests to internal addresses, including loopback, private network, and cloud metadata endpoints. This affects sites that pass user-supplied URLs to Glide. This issue is fixed in versions 5.73.24 and 6.20.1.
Metadata
Severity & Metrics
4.9
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| statamic | cms | — | < 5.73.24, >= 6.0.0, < 6.20.1 |
Weakness (CWE)
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.9 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N |
References (5)
- https://github.com/statamic/cms/security/advisories/GHSA-v5c4-wcpj-x73m https://github.com/statamic/cms/security/advisories/GHSA-v5c4-wcpj-x73m
- https://github.com/statamic/cms/pull/14761 https://github.com/statamic/cms/pull/14761
- https://github.com/statamic/cms/commit/d8f4575c425e2932f22ac030568e990be0dae2da https://github.com/statamic/cms/commit/d8f4575c425e2932f22ac030568e990be0dae2da
- https://github.com/statamic/cms/releases/tag/v5.73.24 https://github.com/statamic/cms/releases/tag/v5.73.24
- https://github.com/statamic/cms/releases/tag/v6.20.1 https://github.com/statamic/cms/releases/tag/v6.20.1