CVE-2026-9808 – Mautic Authorization Bypass

CVE ID :CVE-2026-9808

Published : May 29, 2026, 12:16 p.m. | 15 minutes ago

Description :An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or `editown`) are not properly enforced. This allows low-privilege authenticated API users to bypass ownership-logic controls and access or modify resources belonging to other users.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9811 – Mautic Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2026-9809 – Mautic Stored XSS in Projects Component

CVE-2026-9559 – Mautic Remote Code Execution via Path Traversal

CVE-2025-41281 – Nozomi Networks Labs Waterfall WF-500 OS Command Injection