


Perceptive Security
SOC/SIEM Consultancy

A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict …
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 12:00:34
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
A Server-Side Template Injection vulnerability in Mautic's theme engine allows authenticated users with theme creation permissions to execute arbitrary code on the hosting server. The platform renders uploaded Twig templates without proper sandboxing or function restrictions. This can lead to Remote Code Execution (RCE) or unauthorized access to restricted system files and configuration settings. The vulnerability affects the theme upload functionality where malicious Twig templates can be processed without adequate security controls.
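The missing control described above, shown as an added example that is not Mautic's code or its fix: Twig's own sandbox extension with an explicit allowlist, applied to every template. It assumes `twig/twig` 3.x installed via Composer; the template names, the allowlist contents and the `renderUntrusted` helper are constructed for illustration.

```php
<?php
// Added example; assumes twig/twig 3.x is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Constructed allowlist: anything not named here is refused by the sandbox.
$policy = new SecurityPolicy(
    ['if', 'for', 'set'],           // allowed tags
    ['escape', 'upper', 'length'],  // allowed filters
    [],                             // allowed methods (class => [method, ...])
    [],                             // allowed properties
    []                              // allowed functions: none
);

// Constructed sample templates standing in for files from an uploaded theme.
$templates = [
    'benign.html.twig'  => '<h1>{{ title|upper }}</h1>',
    'blocked.html.twig' => '{{ constant("PHP_OS") }}', // function not on the allowlist
];

$twig = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);
// Second argument true: the sandbox applies to every template, not only
// to those wrapped in a {% sandbox %} block.
$twig->addExtension(new SandboxExtension($policy, true));

// Hypothetical helper: render a theme template and turn policy violations
// into a rejection message instead of executing the disallowed construct.
function renderUntrusted(Environment $twig, string $name, array $context): string
{
    try {
        return $twig->render($name, $context);
    } catch (SecurityError $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

echo renderUntrusted($twig, 'benign.html.twig', ['title' => 'hello']), PHP_EOL;
echo renderUntrusted($twig, 'blocked.html.twig', []), PHP_EOL;
```

The first template renders normally; the second is refused because `constant` is not in the policy's function list.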
Technical details
Affected products:
Mautic
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-9558
https://github.com/mautic/mautic/security/advisories/GHSA-9fx4-7cmj-47vg
This article was created with the assistance of AI technology by Perceptive.
