Stephen Rees-Carter :laravel:
@valorin@phpc.social  ·  activity timestamp 3 days ago

PSA for Statamic folks - update your sites ASAP! ⚠️

A CRITICAL vuln was discovered that allows full account takeover via password resets! 😱

All the details: https://cvereports.com/reports/CVE-2026-27593 #Laravel

CVE-2026-27593: Statamic's 'Choose Your Own Adventure' Password Reset

A critical vulnerability in Statamic CMS turns the password reset feature into an account takeover weapon. By injecting a malicious base URL into the reset request, attackers can force the system to email valid users a link that sends their reset token directly to the attacker's server.
