CVE-2026-9557

Name of the Vulnerable Software and Affected Versions Mautic (affected versions not specified)

Description A Server-Side Request Forgery (SSRF) exists in the Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server. This allows for internal network reconnaissance or forcing requests to arbitrary internal or external destinations. SSRF is a flaw where an attacker can abuse server functionality to read or update internal resources.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.