CVE-2026-33886: Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields
A control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their content.
References
Code Behaviors & Features
Detect and mitigate CVE-2026-33886 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →