CVE-2026-9557_CVE-2026-9557

6.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary internal or external destinations.

Basic Information

ID CVE-2026-9557

Source Mautic

Published May 29, 2026 at 09:38

Modified May 29, 2026 at 10:51

Affected Product

Version 7.0.0

Affected Versions 4.0.0
5.0.0
6.0.0
7.0.0

CWE Classification

CWE-918

References

github.com /mautic/mautic/security/advisories/GHSA-jmv8-8j9j-rcpc

{
    "lastseen": "",
    "description": "A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary internal or external destinations.",
    "published": "2026-05-29T09:38:40.857Z",
    "modified": "2026-05-29T10:51:10.746Z",
    "type": "cve",
    "title": "CVE-2026-9557",
    "source": "Mautic",
    "references": "https://github.com/mautic/mautic/security/advisories/GHSA-jmv8-8j9j-rcpc",
    "id": "CVE-2026-9557",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "  4.0.0\n  5.0.0\n  6.0.0\n  7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "",
    "version": "7.0.0",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}