CVE-2026-9559

CVSS 9.9 · Critical EPSS 0.21% · P43 Updated May 30, 2026

Possible ATT&CK Techniques 3AI

T1222 · File and Directory Permissions Modification T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application

Affected Version Matrix 1

Vendor	Product	Version Range	Status
None	None	`7.0.0< 7.1.2`	affected

I. Basic Information for CVE-2026-9559

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges (campaign:imports:create) can write arbitrary PHP files to sensitive system directories. An attacker can exploit this to overwrite critical internal configuration or cache components, resulting in Remote Code Execution (RCE) under the context of the web server user.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mautic 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Mautic是Mautic开源的一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic 7版本存在安全漏洞，该漏洞源于活动导入功能中路径遍历，可能导致经过身份验证的用户在提取ZIP文件时写入任意PHP文件，进而导致远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	-	7.0.0 ~ 7.1.2	-

II. Public POCs for CVE-2026-9559

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-9559

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-9559 (1)

🔗 Path Traversal via Campaign Import · Advisory · mautic/mautic · GitHub

https://nvd.nist.gov/vuln/detail/CVE-2026-9559

IV. Related Vulnerabilities

Same weakness: CWE-22

V. Comments for CVE-2026-9559

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-9559

Possible ATT&CK Techniques 3AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-9559

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-9559

III. Intelligence Information for CVE-2026-9559

Vendor Advisories for CVE-2026-9559 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-9559

Leave a comment