mautic/core Security Advisories for 7.0.x-dev (7)
-
[MEDIUM] Mautic has Stored Cross-Site Scripting (XSS) in Project Option Selector
PKSA-mhxb-h64m-td2q CVE-2026-9811 GHSA-5hvg-w58j-545m
Affected version: >=7.0.0,<7.1.2
Reported by:
GitHub -
[HIGH] Mautic has Stored Cross-Site Scripting (XSS) in Projects Component
PKSA-xbvd-zmn4-s43b CVE-2026-9809 GHSA-7h65-whp7-rgqf
Affected version: >=7.0.0,<7.1.2
Reported by:
GitHub -
[HIGH] Mautic has an Authorization Bypass in API v2 Endpoints
PKSA-199x-g3sb-2vrd CVE-2026-9808 GHSA-2jrw-c95w-h43g
Affected version: >=7.0.0,<7.1.2
Reported by:
GitHub -
[CRITICAL] Mautic vulnerable to Path Traversal via Campaign Import
PKSA-743g-7dzv-xbzg CVE-2026-9559 GHSA-6r9h-4h75-7q4x
Affected version: >=7.0.0,<7.1.2
Reported by:
GitHub -
[CRITICAL] Mautic has Server-Side Template Injection (SSTI) in Theme Templates
PKSA-5wpq-7gbm-cqxv CVE-2026-9558 GHSA-9fx4-7cmj-47vg
Affected version: >=7.0.0,<7.1.2|>=6.0.0,<6.0.9|>=5.0.0,<5.2.11|>=1.3.0,<4.4.13
Reported by:
GitHub -
[MEDIUM] Mautic Focus component Vulnerable to SSRF
PKSA-tmx3-5zmv-624c CVE-2026-9557 GHSA-jmv8-8j9j-rcpc
Affected version: >=7.0.0,<7.1.2|>=6.0.0,<6.0.9|>=5.0.0,<5.2.11|>=4.0.0,<=4.4.13
Reported by:
GitHub -
[HIGH] Mautic has SQL Injection in API Contact Filtering
PKSA-pdn1-217f-vc3y CVE-2026-4776 GHSA-fcmw-wx57-9p75
Affected version: >=7.0.0,<7.1.2|>=6.0.0,<6.0.9|>=5.0.0,<5.2.11|>=2.6.0,<=4.4.13
Reported by:
GitHub