Mautic · Mautic · CVE-2026-9558
**Name of the Vulnerable Software and Affected Versions**
Mautic (affected versions not specified)
**Description**
A Server-Side Template Injection (SSTI) issue exists in the theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can exploit this to achieve Remote Code Execution (RCE), allowing the execution of arbitrary code on the hosting server, or to access restricted system files and configuration settings.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.