mautic/core
Packagist53 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mautic/corepage 2 of 2
- CVE-2026-9808HIGHCVSS 7.1EG 7.1✓ Fixed in 7.1.22026-05-29
vulnerable: 7.0.0 ... 7.1.1 (6 versions)
An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrictions (such as `viewown` or `editown`) are not properly enforced. Th…
- CVE-2026-9809HIGHCVSS 7.6EG 7.6✓ Fixed in 7.1.22026-05-29
vulnerable: 7.0.0 ... 7.1.1 (6 versions)
A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (such as campaigns, emails, or forms), user-supplied project names are…
- CVE-2026-9811MEDIUMCVSS 5.4EG 5.4✓ Fixed in 7.1.22026-05-29
vulnerable: 7.0.0 ... 7.1.1 (6 versions)
A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned …
Check whether mautic/core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mautic/core CVEs against the assets you own.
Start Free Scan →