CVE-2026-9557
Status: Deferred - Pending Action
Server-Side Request Forgery in Mautic Focus Component

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: Mautic

Description
A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary internal or external destinations.
Affected Vendors & Products (5 associated CPEs)
Vendor   Product   Version / Range
mautic   mautic    From 4.0.0 (inc)
mautic   mautic    7.1.2
mautic   mautic    6.0.9
mautic   mautic    5.2.11
mautic   mautic    4.4.20
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the SSRF vulnerability in Mautic's Focus component directly affects compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2026-9557 is a Server-Side Request Forgery (SSRF) vulnerability found in the Focus component of the Mautic marketing automation platform.

This vulnerability arises because the system does not properly validate user-supplied URLs, allowing an authenticated user to make the hosting server send outbound HTTP requests.

An attacker can exploit this flaw to perform internal network reconnaissance, such as probing internal ports or forcing the server to send requests to arbitrary internal or external destinations.


How can this vulnerability impact me?

This vulnerability can impact you by allowing an authenticated attacker to use the server as a proxy to access internal network resources that are otherwise protected.

It can enable internal network reconnaissance, potentially revealing sensitive infrastructure details behind firewalls.

Additionally, the attacker can force the server to send requests to arbitrary external or internal destinations, which could be used for malicious purposes such as bypassing network restrictions or launching further attacks.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the Server-Side Request Forgery (SSRF) vulnerability in Mautic's Focus component, users are strongly advised to upgrade to the latest patched versions of Mautic (7.1.2, 6.0.9, 5.2.11, or 4.4.20 depending on their release branch).

If upgrading immediately is not possible, restrict outbound network access from the Mautic web server so that it cannot reach internal-only subnets or local hosts; this prevents the server from being used to make unauthorized outbound HTTP requests to those destinations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves an authenticated user triggering outbound HTTP requests from the Mautic server by supplying malicious URLs. Detection should therefore focus on outbound HTTP requests originating from the Mautic server, especially those targeting internal network addresses or unusual external destinations.

To detect potential exploitation attempts, monitor network traffic for unexpected outbound HTTP requests from the Mautic server, for example with network monitoring tools or packet capture utilities such as tcpdump or Wireshark, filtering on HTTP traffic.

  • Use tcpdump to capture outbound HTTP(S) connections from the server (the parentheses matter: without them the `and` binds only to the port 443 term): tcpdump -i <interface> 'src host <mautic_server_ip> and (tcp dst port 80 or tcp dst port 443)'. For port 443 the payload is encrypted, so the capture shows destinations, not URLs.
  • Check web server logs for unusual URL parameters or requests that might trigger SSRF, focusing on authenticated user actions.
  • Use curl or wget commands to test if the Mautic Focus component is vulnerable by attempting to supply URLs that point to internal resources and observing the server's behavior.

Additionally, restricting outbound network access from the Mautic web server so that it cannot reach internal-only subnets or local hosts helps mitigate the risk until the system is patched.
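As an added illustration of the CWE-918 mitigation the answers above describe (validating where a user-supplied URL will actually send the server), the following is a hypothetical Python helper, not Mautic's own code. It rejects URLs whose scheme is not HTTP(S), that carry embedded credentials, or whose host resolves to a loopback, private, link-local or otherwise non-public address; the resolver is injectable so the check can be exercised offline, and the host names and addresses in the usage are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical egress check (not Mautic's code): may the server fetch this URL?
ALLOWED_SCHEMES = {"http", "https"}

def default_resolver(host):
    """Resolve a hostname to every A/AAAA address via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_public_address(ip):
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def check_outbound_url(url, resolver=default_resolver):
    """Return (allowed, reason). Every resolved address must be public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname          # lower-cased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        # IP literal: no DNS needed. Short forms such as "127.1" are not
        # literals here and fall through to the resolver, which is the point.
        addrs = {str(ipaddress.ip_address(host))}
    except ValueError:
        try:
            addrs = set(resolver(host))
        except OSError:
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    bad = sorted(a for a in addrs if not is_public_address(a))
    if bad:
        return False, "resolves to non-public address " + ", ".join(bad)
    return True, "ok"
```

The check is only meaningful if the fetch that follows connects to the addresses that were validated; resolving again at connect time reopens the DNS-rebinding window.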

