CVE-2026-44306— Statamic: Email enumeration via forgot password endpoint

Statamic: Email enumeration via forgot password endpoint

Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.21 and 6.15.0, responses from the forgot password forms hinted at whether an account existed for a given email address. An unauthenticated attacker could use this to enumerate valid users, which can aid in follow-up credential-based attacks. This vulnerability is fixed in 5.73.21 and 6.15.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

响应差异性信息暴露

Statamic 安全漏洞

Statamic是美国Statamic公司的一个基于 Laravel 构建的强大的平面文件 Cms。用于将所有内容、模板、资产和设置存储在文件而不是数据库中。 Statamic 5.73.21之前版本和6.15.0之前版本存在安全漏洞，该漏洞源于忘记密码表单响应提示账户是否存在，可能导致未经身份验证的攻击者枚举有效用户。

N/A

N/A