Mautic/core

This hub aggregates every CVE we track for Mautic/core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Mautic/core.

• CVE-2026-3105SQL Injection in Contact Activity API Sorting7.6Feb 24, 2026
• CVE-2025-9824User Enumeration via Response Timing5.9Sep 3, 2025
• CVE-2025-9822Secret data extraction via elfinder5.5Sep 3, 2025
• CVE-2025-9821SSRF via webhook function2.7Sep 3, 2025
• CVE-2025-5256Open Redirect vulnerability on user unlock path5.4May 28, 2025
• CVE-2024-47055Segment cloning doesn't have a proper permission check4.3May 28, 2025
• CVE-2024-47057User name enumeration possible due to response time difference on password reset form5.3May 28, 2025
• CVE-2024-47056Mautic does not shield .env files from web traffic5.1May 28, 2025
• CVE-2025-5257Predictable Page Indexing Might Lead to Sensitive Data Exposure6.5May 28, 2025
• CVE-2024-47051Remote Code Execution & File Deletion in Asset Uploads9.1Feb 26, 2025
• CVE-2024-47053Improper Authorization in Reporting API7.7Feb 26, 2025
• CVE-2022-25773Relative Path Traversal in assets file upload4.3Feb 26, 2025
• CVE-2022-25770Insufficient authentication in upgrade flow7.8Sep 18, 2024
• CVE-2024-47059Users enumeration - weak password login4.3Sep 18, 2024
• CVE-2021-27917XSS in contact tracking and page hits report7.3Sep 18, 2024