CVE-2026-3105

HIGH

Mautic Core 2.10.0-4.4.18 and 5.2.0-5.2.9 - Authenticated SQL Injection via Contact Activity API Sort Parameter

Title source: llm

Description

SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API. MitigationPlease update to 4.4.19, 5.2.10, 6.0.8, 7.0.1 or later. WorkaroundsNone. ReferencesIf you have any questions or comments about this advisory: Email us at [email protected]

References (1)

Core 1

Core References

Vendor Advisory

https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93

Scores

CVSS v3 7.6

EPSS 0.0029

EPSS Percentile 20.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (2)

acquia/mautic 2.10.0 - 4.4.19

mautic/core 2.10.0 - 5.2.10Packagist

Published Feb 24, 2026

Tracked Since Feb 25, 2026