REPRO-2026-00112 HIGH RCE
Verified
Statamic CMS Stored XSS via Markdown Fieldtype
statamic/cms (composer) Feb 20, 2026
What's the vulnerability?
No summary available
Root Cause Analysis
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00112
or
pruva-verify GHSA-8r7r-f4gm-wcpq
or
pruva-verify CVE-2026-27197
Install:
curl -fsSL https://pruva.dev/install.sh | sh
Or Run Manually
1. Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00112/artifacts/repro/reproduction_steps.sh
2. Make executable
chmod +x reproduction_steps.sh
3. Run the script
./reproduction_steps.sh
Run in a VM, container, or disposable environment. This exploits a real vulnerability.
Artifacts
repro/rca_report.md (6.1 KB)
repro/reproduction_steps.sh (3.3 KB)
bundle/source.json (3.5 KB)
bundle/ticket.json (5.5 KB)
bundle/ticket.md (1.3 KB)
logs/clone.log (2.7 KB)
logs/clone_fixed.log (2.6 KB)
logs/dompurify_audit.log (0.0 KB)
logs/html_fieldtype_original.vue (0.2 KB)
logs/html_fixed.vue (0.4 KB)
logs/html_vulnerable.vue (0.2 KB)
logs/icon_fieldtype.vue (2.8 KB)
logs/patch.diff (3.2 KB)
logs/variant_analysis.log (0.9 KB)
logs/vhtml_audit.log (5.7 KB)
logs/vulnerability.confirmed (0.1 KB)
logs/vulnerable_code.vue (0.3 KB)