Tag
Mautic API SQL Injection Vulnerability (CVE-2026-4776)
1 rule 4 TTPs 1 CVEAn SQL injection vulnerability, tracked as CVE-2026-4776, exists in Mautic's API contact filtering mechanism due to insufficient recursive sanitization of nested query parameters, allowing an authenticated API user to bypass input filtering, inject arbitrary SQL commands, and retrieve sensitive database contents such as user credentials, system configurations, and personal identifiable information (PII), bypassing standard data access permissions.
Mautic 7 API v2 Authorization Bypass (CVE-2026-9808)
2 TTPs 1 CVEAn authorization bypass vulnerability (CVE-2026-9808) exists in Mautic 7 API v2 endpoints, where owner-scope restrictions are not properly enforced, allowing low-privilege authenticated API users to access or modify resources belonging to other users, bypassing ownership controls and impacting data confidentiality and integrity.
Mautic Stored XSS in Projects Component (CVE-2026-9809)
3 TTPs 1 CVEA high-severity stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-9809, affects Mautic 7's Projects component, allowing an authenticated user with project creation/edit permissions to inject malicious script payloads into project names that execute when an administrative user hovers over affected project tags, potentially leading to administrative actions, configuration alteration, or sensitive data exfiltration.
Mautic SQL Injection Vulnerability
2 rules 1 TTPA remote, authenticated attacker can exploit a vulnerability in Mautic to perform a SQL injection attack, potentially leading to unauthorized data access or modification.