CVE-2026-9557
MEDIUM NVDCVSS Score
6.4
Severity
MEDIUM
Source
NVD
Published
May 29, 2026
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary internal or external destinations.