CVE-2026-3105

SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API. MitigationPlease update to 4.4.19, 5.2.10, 6.0.8, 7.0.1 or later. WorkaroundsNone. ReferencesIf you have any questions or comments about this advisory: Email us at security@mautic.org

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93	Vendor Advisory Mitigation

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:acquia:mautic::::::::
	cpe:2.3:a:acquia:mautic::::::::
	cpe:2.3:a:acquia:mautic::::::::
	cpe:2.3:a:acquia:mautic::::::::

History

27 Feb 2026, 03:11

Type	Values Removed	Values Added
First Time		Acquia Acquia mautic
CPE		cpe:2.3:a:acquia:mautic::::::::
References	~~() https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93 -~~	() https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93 - Vendor Advisory, Mitigation

24 Feb 2026, 20:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-24 20:27

Updated : 2026-02-27 03:11

NVD link : CVE-2026-3105

Mitre link : CVE-2026-3105

CVE.ORG link : CVE-2026-3105

JSON object : View

Products Affected

acquia

mautic

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2026-3105", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@mautic.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-24T20:27:50.713", "references": [{"url": "https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93", "tags": ["Vendor Advisory", "Mitigation"], "source": "security@mautic.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@mautic.org", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.\n\nMitigationPlease update to 4.4.19, 5.2.10, 6.0.8, 7.0.1\u00a0or later.\n\nWorkaroundsNone.\n\nReferencesIf you have any questions or comments about this advisory:\n\nEmail us at security@mautic.org"}], "lastModified": "2026-02-27T03:11:21.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "810298B5-F979-4BED-B035-F82C33CB1875", "versionEndExcluding": "4.4.19", "versionStartIncluding": "2.10.0"}, {"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B25B2FE0-300C-44E0-9D0C-7F07C7B44829", "versionEndExcluding": "5.2.10", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "831BD706-7A50-4774-A7D1-403830DDC0ED", "versionEndExcluding": "6.0.8", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC2F790-64D4-42A3-8435-F6D6B1F62146", "versionEndExcluding": "7.0.1", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mautic.org"}