Back to CVE List

CVE-2026-4776

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Vulnerability Description

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
composer
Product
mautic/core

External References

Discussion (0)

Add Comment

No comments yet. Be the first!