PT-2026-56808 · Joomla · Acymailing

Phil Taylor

·

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-56292

CVSS v4.0

9.2

Critical

VectorAV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions AcyMailing versions prior to 10.11.1
Description An unauthenticated SQL injection flaw exists in the AcyMailing component for Joomla. This issue allows a remote attacker to execute crafted SQL queries to gain unauthorized access to the database, potentially leading to the leakage of sensitive information such as password hashes, personal data, and general content.
Recommendations Update AcyMailing to version 10.11.1.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56292

Affected Products

Acymailing