VYPR
High severity7.1NVD Advisory· Published May 29, 2026· Updated May 29, 2026

CVE-2026-9808

CVE-2026-9808

Description

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as viewown or editown) are not properly enforced. This allows low-privilege authenticated API users to bypass ownership-logic controls and access or modify resources belonging to other users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Mautic/Mauticinferred2 versions
    = 7+ 1 more
    • (no CPE)range: = 7
    • (no CPE)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.