Composer CVE Archive

mautic/core CVE Vulnerabilities

All known CVEs affecting mautic/core. Kodem’s runtime-powered SCA reveals which are actually reachable in your application.

Known vulnerabilities

| CVE | Summary | Severity |
|---|---|---|
| CVE-2026-9811 | Mautic has Stored Cross-Site Scripting (XSS) in Project Option Selector | Medium |
| CVE-2026-9809 | Mautic has Stored Cross-Site Scripting (XSS) in Projects Component | High |
| CVE-2026-9808 | Mautic has an Authorization Bypass in API v2 Endpoints | High |
| CVE-2026-9559 | Mautic vulnerable to Path Traversal via Campaign Import | Critical |
| CVE-2026-9558 | Mautic has Server-Side Template Injection (SSTI) in Theme Templates | Critical |
| CVE-2026-9557 | Mautic Focus component Vulnerable to SSRF | Medium |
| CVE-2026-4776 | Mautic has SQL Injection in API Contact Filtering | High |
| CVE-2026-3105 | Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting | High |
| CVE-2025-9824 | Mautic Vulnerable to User Enumeration via Response Timing | Medium |
| CVE-2025-9822 | Mautic vulnerable to secret data extraction via elfinder | Medium |
| CVE-2025-5256 | Mautic has an Open Redirect vulnerability on user unlock path | Medium |
| CVE-2024-47055 | Mautic segment cloning doesn't have a proper permission check | Medium |
| CVE-2024-47057 | Mautic allows user name enumeration due to response time difference on password… | Medium |
| CVE-2024-47056 | Mautic does not shield .env files from web traffic | Medium |
| CVE-2025-5257 | Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure | Medium |
| CVE-2022-25773 | Mautic allows Relative Path Traversal in assets file upload | Medium |
| CVE-2024-47053 | Mautic allows Improper Authorization in Reporting API | High |
| CVE-2024-47051 | Mautic allows Remote Code Execution and File Deletion in Asset Uploads | Critical |
| CVE-2024-47059 | Mautic allows users enumeration due to weak password login | Medium |
| CVE-2022-25770 | Mautic has insufficient authentication in upgrade flow | Medium |
| CVE-2021-27917 | Mautic has an XSS in contact tracking and page hits report | Medium |
| CVE-2024-47050 | Mautic vulnerable to XSS in contact/company tracking (no authentication) | Medium |
| CVE-2024-47058 | Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) | Medium |
| CVE-2022-25768 | Mautic vulnerable to Improper Access Control in UI upgrade process | High |
| CVE-2020-35125 | Mautic is vulnerable to XSS vulnerability | Critical |
| CVE-2022-25777 | Mautic: MST-48 Server-Side Request Forgery in Asset section | Medium |
| CVE-2022-25776 | Mautic Sensitive Data Exposure due to inadequate user permission settings | High |
| CVE-2022-25775 | Mautic SQL Injection in dynamic Reports | Medium |
| CVE-2021-27916 | Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to… | High |
| CVE-2022-25774 | Mautic vulnerable to cross-site scripting in notifications via saving Dashboards | Medium |
| CVE-2021-27915 | Mautic vulnerable to stored cross-site scripting in description field | High |
| CVE-2022-25772 | Cross-site Scripting vulnerability in Mautic's tracking pixel functionality | Critical |
| CVE-2020-35129 | Mautic stored Cross-site Scripting (XSS) | Critical |
| CVE-2020-35128 | Mautic stored Cross-site Scripting (XSS) | Critical |
| CVE-2017-1000506 | Mautic Cross Site Scripting (XSS) vulnerability | Medium |
| CVE-2017-1000046 | Sensitive Cookie Without HttpOnly and Secure Flag | High |
| CVE-2017-8874 | Mautic Cross-Site Request Forgery (CSRF) | High |
| CVE-2021-27909 | XSS vulnerability on password reset page | Medium |
| CVE-2021-27910 | Stored XSS vulnerability on Bounce Management Callback | High |
| CVE-2021-27911 | XSS vulnerability on contacts view | High |
| CVE-2021-27912 | XSS vulnerability on asset view | High |
| CVE-2021-27908 | Mautic vulnerable to secret data exfiltration via symfony parameters | Medium |
| CVE-2018-8092 | CSV Injection vulnerability with exported contact lists in Mautic | Medium |
| CVE-2018-11200 | XSS vulnerability in company name field in Mautic | Medium |

Prioritize mautic/core vulnerabilities

Kodem Kai can identify which of these CVEs are reachable in your dependency tree and generate targeted fix recommendations.
