Product
An authorization bypass vulnerability (CVE-2026-9808) exists in Mautic 7 API v2 endpoints, where owner-scope restrictions are not properly enforced, allowing low-privilege authenticated API users to access or modify resources belonging to other users, bypassing ownership controls and impacting data confidentiality and integrity.