CVE-2026-9558

Name of the Vulnerable Software and Affected Versions Mautic (affected versions not specified)

Description A Server-Side Template Injection (SSTI) issue exists in the theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can exploit this to achieve Remote Code Execution (RCE), allowing the execution of arbitrary code on the hosting server, or to access restricted system files and configuration settings.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.