What is CVE-2026-4776?

CVE-2026-4776 is a high-severity vulnerability, classified under SQL Injection. CVSS score: 7.1/10. Published 2026-05-29.

How severe is CVE-2026-4776?

High severity. CVSS v3 base score is 7.1 out of 10.

CVE-2026-4776

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL command…

Vulnerability class: SQL Injection

EPSS: 0.000 (10.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L.

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security@mautic.org

Frequently asked questions

What is CVE-2026-4776?: CVE-2026-4776 is a high-severity vulnerability, classified under SQL Injection. CVSS score: 7.1/10. Published 2026-05-29.
How severe is CVE-2026-4776?: High severity. CVSS v3 base score is 7.1 out of 10.