CVE-2026-9558 – Mautic Twig Template Injection Vulnerability

CVE ID :CVE-2026-9558

Published : May 29, 2026, 10:01 a.m. | 30 minutes ago

Description :A Server-Side Template Injection (SSTI) vulnerability exists in Mautic’s theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the hosting server (Remote Code Execution) or access restricted system files and configuration settings.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9811 – Mautic Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2026-9809 – Mautic Stored XSS in Projects Component

CVE-2026-9808 – Mautic Authorization Bypass

CVE-2026-9559 – Mautic Remote Code Execution via Path Traversal