CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

GHSA-3FQ7-C5M8-G86X Mautic user without privileged access to the Marketplace can install and uninstall composer packages

Summary A non privileged user can install and remove arbitrary packages via composer for a composer based installed, even if the flag in update settings for enable composer based update is unticked. Impact A low-privileged user of the platform can install malicious code to obtain higher privilege...

Mautic 安全漏洞

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. Mautic suffers from a security vulnerability that stems from being susceptible to SQL injection attacks, which allow an attacker...