CVE-2026-4776
7.1 HIGHAn SQL injection vulnerability exists in Mautic's API contact filtering mechanism
Published: 2026-05-29 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
- CWE
- CWE-89
Description
An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-52700 — Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions (8.5 HIGH)
- CVE-2026-52697 — Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions (8.5 HIGH)
- CVE-2026-52693 — Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 versions (9.3 CRITICAL)
- CVE-2026-49776 — Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 vers... (9.3 CRITICAL)
- CVE-2026-49067 — Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions (9.3 CRITICAL)