An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Mautic |
|
No data.
No data.
References
History
Fri, 29 May 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | SQL Injection via API Contact Filtering in Mautic |
Fri, 29 May 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mautic
Mautic mautic |
|
| Vendors & Products |
Mautic
Mautic mautic |
Fri, 29 May 2026 07:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands. | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mautic
Published: 2026-05-29T06:58:24.087Z
Updated: 2026-05-29T11:41:44.104Z
Reserved: 2026-03-24T15:00:12.560Z
Link: CVE-2026-4776
Vulnrichment
Updated: 2026-05-29T11:41:38.393Z
NVD
Status : Deferred
Published: 2026-05-29T08:16:19.260
Modified: 2026-05-29T15:39:34.620
Link: CVE-2026-4776
Redhat
No data.