Skip to content
Threat Feed

Vendor

Mautic

4 briefs RSS
high advisory

Mautic API SQL Injection Vulnerability (CVE-2026-4776)

An SQL injection vulnerability, tracked as CVE-2026-4776, exists in Mautic's API contact filtering mechanism due to insufficient recursive sanitization of nested query parameters, allowing an authenticated API user to bypass input filtering, inject arbitrary SQL commands, and retrieve sensitive database contents such as user credentials, system configurations, and personal identifiable information (PII), bypassing standard data access permissions.

Mautic +3 sql-injection web-application cve ghsa
1r 4t 1c
high advisory

Mautic 7 API v2 Authorization Bypass (CVE-2026-9808)

An authorization bypass vulnerability (CVE-2026-9808) exists in Mautic 7 API v2 endpoints, where owner-scope restrictions are not properly enforced, allowing low-privilege authenticated API users to access or modify resources belonging to other users, bypassing ownership controls and impacting data confidentiality and integrity.

Mautic Core mautic authorization-bypass api web-application
2t 1c
high advisory

Mautic Stored XSS in Projects Component (CVE-2026-9809)

A high-severity stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-9809, affects Mautic 7's Projects component, allowing an authenticated user with project creation/edit permissions to inject malicious script payloads into project names that execute when an administrative user hovers over affected project tags, potentially leading to administrative actions, configuration alteration, or sensitive data exfiltration.

Mautic 7 xss web-application mautic cve
3t 1c
medium advisory

Mautic SQL Injection Vulnerability

A remote, authenticated attacker can exploit a vulnerability in Mautic to perform a SQL injection attack, potentially leading to unauthorized data access or modification.

Mautic sql-injection vulnerability
2r 1t