Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-3105
Awaiting Analysis
More InfoOfficial Page
Source-security@mautic.org
View Known Exploited Vulnerability (KEV) details
Published At-24 Feb, 2026 | 20:27
Updated At-24 Feb, 2026 | 21:52

SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API. MitigationPlease update to 4.4.19, 5.2.10, 6.0.8, 7.0.1 or later. WorkaroundsNone. ReferencesIf you have any questions or comments about this advisory: Email us at security@mautic.org

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.6HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Secondarysecurity@mautic.org
CWE ID: CWE-89
Type: Secondary
Source: security@mautic.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93security@mautic.org
N/A
Hyperlink: https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
Source: security@mautic.org
Resource: N/A
Change History
0Changes found
Details not found