CVE-2026-9559
Mautic · Mautic
A path traversal flaw in Mautic 7's campaign import feature allows authenticated users to write arbitrary PHP files, leading to Remote Code Execution (RCE) on the underlying server.
Executive summary
A critical path traversal vulnerability in Mautic 7 allows authenticated users with specific privileges to achieve Remote Code Execution by overwriting sensitive system files.
Vulnerability
This is a path traversal vulnerability residing in the campaign import ZIP extraction logic. An authenticated user possessing 'campaign:imports:create' privileges can bypass directory restrictions to write arbitrary files to the filesystem.
Business impact
The vulnerability carries a CVSS score of 9.9, reflecting its extreme severity. Successful exploitation grants an attacker full Remote Code Execution capabilities, potentially leading to total system compromise, unauthorized data access, and complete loss of control over the Mautic application environment.
Remediation
Immediate Action: Upgrade to the latest version of Mautic 7 as soon as the vendor-supplied patch becomes available.
Proactive Monitoring: Review access logs for suspicious file upload activity and monitor for unexpected PHP file creation within the application's temporary and core directories.
Compensating Controls: Implement strict file system permissions for the web server user and utilize a Web Application Firewall (WAF) to inspect uploaded ZIP archives for path traversal patterns.
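The check that the import ZIP extraction needs before writing any entry, shown here as an added Python illustration (this is not Mautic's code; the destination directory, the allowed extensions and the sample archive are constructed assumptions): each entry name is normalised, anything resolving outside the destination is refused, and file extensions are restricted to the import's data formats so a PHP file cannot be written even inside the target directory. The same rules are what a WAF or pre-upload scanner would apply to an archive's entry list.

```python
"""Audit ZIP entry names for path traversal before extraction.
Added illustration, not Mautic's own import code."""
import io
import os
import posixpath
import zipfile

# Assumption: a campaign import bundle only carries data files, never code.
ALLOWED_EXTENSIONS = {".json", ".csv"}


def classify_entry(name: str, dest: str) -> str:
    """Return 'ok' or the reason this entry must not be written."""
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return "absolute path"          # /etc/..., C:\...
    if "\\" in name:
        return "backslash separator"    # never trust platform-specific separators
    norm = posixpath.normpath(name)     # collapses a/../../b to ../b
    if norm == ".." or norm.startswith("../"):
        return "path traversal"
    dest_real = os.path.realpath(dest)
    resolved = os.path.realpath(os.path.join(dest_real, norm))
    # Second, independent check: the final path must stay under dest.
    if os.path.commonpath([dest_real, resolved]) != dest_real:
        return "escapes destination"
    ext = posixpath.splitext(norm)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return f"disallowed extension {ext or '(none)'}"
    return "ok"


def audit_archive(data: bytes, dest: str) -> dict:
    """Map every file entry in the archive to a verdict, without extracting."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify_entry(i.filename, dest)
                for i in zf.infolist() if not i.is_dir()}


def build_sample() -> bytes:
    """Constructed test archive: one legitimate entry and two that must be rejected."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("campaign.json", "{}")
        zf.writestr("../../../outside.php", "<?php ?>")   # traversal entry
        zf.writestr("notes.php", "<?php ?>")              # in-place PHP write
    return buf.getvalue()


if __name__ == "__main__":
    for entry, verdict in audit_archive(build_sample(), "/srv/mautic/import").items():
        print(f"{verdict:>24}  {entry}")
```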
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the critical CVSS score of 9.9, this vulnerability poses an immediate and severe threat to organizational infrastructure. Administrators must restrict 'campaign:imports:create' privileges to trusted users only and prioritize patching the Mautic instance immediately upon the release of the security update.