CVE-2026-9559
Deferred Deferred - Pending Action
Path Traversal in Mautic Campaign Import Leading to RCE

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: Mautic

Description
A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges (campaign:imports:create) can write arbitrary PHP files to sensitive system directories. An attacker can exploit this to overwrite critical internal configuration or cache components, resulting in Remote Code Execution (RCE) under the context of the web server user.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-9559
EUVD
EUVD-2026-33277
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mautic mautic From 7.0 (inc)
mautic mautic 7.1.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9559 is a path traversal vulnerability in Mautic 7's campaign import feature. It occurs when the system extracts uploaded ZIP files during campaign imports. Due to flawed validation logic, file paths can escape the intended temporary directories.

An authenticated user with campaign import privileges can exploit this flaw to write arbitrary PHP files into sensitive system directories. This can lead to overwriting critical internal configuration or cache components.

Ultimately, this vulnerability allows an attacker to achieve Remote Code Execution (RCE) under the context of the web server user.

Impact Analysis

This vulnerability can have severe impacts including unauthorized Remote Code Execution (RCE) on the affected system.

  • An attacker with campaign import privileges can write arbitrary PHP files to sensitive system directories.
  • Critical internal configuration or cache components can be overwritten.
  • The attacker can execute malicious code with the privileges of the web server user, potentially leading to full system compromise.

There are no official workarounds, but revoking campaign import permissions from non-administrative users can mitigate the risk.

Mitigation Strategies

To mitigate this vulnerability immediately, revoke campaign import permissions from non-administrative users to reduce the risk of exploitation.

Additionally, upgrade Mautic to version 7.1.2 or later, where this vulnerability has been patched.

No official workarounds exist beyond these steps.

Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

There are no specific detection commands or network/system detection methods provided in the available resources for CVE-2026-9559.

However, since the vulnerability involves path traversal during ZIP file extraction in Mautic 7's campaign import feature, monitoring for unexpected PHP files in sensitive system directories or unusual file writes by the web server user could be an indicator.

Additionally, reviewing user permissions to ensure that only trusted users have campaign import privileges can help mitigate risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9559. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart