This is a Server-Side Request Forgery (SSRF) flaw in Mautic's Focus component (MauticFocusBundle), where insufficient validation of user-supplied URLs lets an authenticated, low-privileged user force the Mautic server to issue outbound HTTP requests to arbitrary internal or external destinations. Mautic is a marketing automation platform, not a core AI/ML library — this CVE reached the AI threat feed under an 'ml_ui' tag, but the vulnerability itself has no direct tie to LLMs, agents, or model pipelines; treat it as standard infrastructure risk wherever Mautic runs. The CVSS 6.4 score (AV:N/AC:L/PR:L/UI:N/S:C), near-zero EPSS (0.14%), absence from CISA KEV, and lack of a public exploit or Nuclei template all point to low near-term exploitation likelihood, though the package's history of 42 prior CVEs, 479 downstream dependents, and a middling 6.6/10 OpenSSF Scorecard suggest elevated baseline risk for the codebase overall. Because SSRF can be used to probe internal services, firewalled infrastructure, or cloud metadata endpoints, any Mautic instance with network reach into a private VPC or instance-metadata service should still prioritize this regardless of the low EPSS. Patch to Mautic 7.1.2, 6.0.9, 5.2.11, or the ELTS 4.4.20 branch, and in the interim restrict the Mautic server's egress to internal-only subnets or localhost since no official workaround exists.
What is the risk?
Medium on paper (CVSS 6.4) but low urgency in practice: exploitation requires an existing authenticated account (PR:L) inside the Mautic panel, no additional user interaction is needed, and confidentiality/integrity impact is capped at 'low' with no availability impact. EPSS of 0.14% and absence from CISA KEV, Nuclei, and public-exploit trackers indicate this is not being actively weaponized in the wild. The real risk driver is environmental: if the Mautic host can reach internal-only admin panels or cloud instance-metadata endpoints (e.g., 169.254.169.254), SSRF pivots from 'authenticated marketing user' to 'internal network mapper or credential thief' — a materially worse outcome than the CVSS number alone implies. This is a general web application security issue affecting a MarTech platform, not an AI/ML-specific risk.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| Panel | composer | >= 4.0.0, <= 4.4.13 | 5.2.11 |
Do you use Panel? You're affected.
What should I do?
Step 1:
Upgrade to the patched release matching your branch: 7.1.2, 6.0.9, 5.2.11, or 4.4.20 (ELTS) — Mautic recommends the latest patch available for your branch. There is no official workaround; if immediate patching isn't possible, restrict outbound network access from the Mautic web server to internal-only subnets/localhost (egress filtering) and enforce IMDSv2 (or equivalent) if hosted on a cloud provider to blunt metadata-service exposure. For detection, monitor Mautic application logs for unusual Focus-component URL submissions and review firewall/VPC flow logs for unexpected outbound connections from the Mautic host to internal IP ranges or the cloud metadata address.
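The detection advice above can be turned into a small triage script. The following is an added example, not code from the page or from Mautic: it reads records in the AWS VPC flow log default (version 2) field order and flags connections from the Mautic web server to the cloud metadata address or to internal ranges that are not a known dependency. The Mautic host address, the database dependency, and the sample records are constructed assumptions.

```python
"""Flow-log triage for SSRF-style egress from a Mautic host (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

MAUTIC_HOSTS = {"10.20.1.15"}               # assumed address of the Mautic web server
EXPECTED_INTERNAL = {("10.20.2.40", 3306)}  # assumed legitimate dependency (database)
METADATA_ADDRESS = ipaddress.ip_address("169.254.169.254")

# Constructed sample records (not real traffic). Field order of a v2 record:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0abc 10.20.1.15 10.20.2.40 51234 3306 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc 10.20.1.15 93.184.216.34 51235 443 6 10 2000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc 10.20.1.15 169.254.169.254 51236 80 6 4 600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc 10.20.1.15 10.20.3.7 51237 8080 6 3 200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc 10.20.1.15 10.20.3.7 51238 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc 10.20.9.9 10.20.3.7 40000 8080 6 3 200 1700000000 1700000060 ACCEPT OK
"""


@dataclass(frozen=True)
class FlowRecord:
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst_port: int
    action: str


def parse_flow_record(line):
    """Parse one v2 flow-log line; None for headers, blanks or other versions."""
    fields = line.split()
    if len(fields) != 14 or fields[0] != "2":
        return None
    try:
        return FlowRecord(ipaddress.ip_address(fields[3]),
                          ipaddress.ip_address(fields[4]),
                          int(fields[6]), fields[12])
    except ValueError:
        return None


def is_internal(ip):
    """RFC 1918, loopback and link-local (which includes the metadata range)."""
    return ip.is_private or ip.is_loopback or ip.is_link_local


def find_ssrf_candidates(log_text, mautic_hosts=MAUTIC_HOSTS, expected=EXPECTED_INTERNAL):
    """Return (dst, dst_port, action, reason) for each suspicious egress record.

    REJECTed connections are kept on purpose: a burst of them from the web
    tier is the port-probing pattern the advisory describes.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_flow_record(line)
        if rec is None or str(rec.src) not in mautic_hosts:
            continue
        if (str(rec.dst), rec.dst_port) in expected:
            continue  # known dependency such as the database
        if rec.dst == METADATA_ADDRESS:
            reason = "cloud metadata endpoint"
        elif is_internal(rec.dst):
            reason = "internal destination outside the dependency list"
        else:
            continue  # public egress is out of scope for this check
        findings.append((str(rec.dst), rec.dst_port, rec.action, reason))
    return findings


def probe_summary(findings):
    """Number of distinct (dst, port) pairs touched: a quick port-probing indicator."""
    return len({(dst, port) for dst, port, _, _ in findings})


if __name__ == "__main__":
    hits = find_ssrf_candidates(SAMPLE_LOG)
    for hit in hits:
        print(*hit)
    print("distinct internal targets:", probe_summary(hits))
```

On the constructed sample the database connection and the public HTTPS fetch are ignored, while the metadata request and both attempts against 10.20.3.7 (one accepted, one rejected) are reported. In a real deployment the dependency list should come from the host's known service map, and the same logic applies to any flow-log source once the field mapping in `parse_flow_record` is adjusted.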
Frequently Asked Questions
Is CVE-2026-9557 actively exploited?
No confirmed active exploitation of CVE-2026-9557 has been reported, but organizations should still patch proactively.
What is the CVSS score for CVE-2026-9557?
CVE-2026-9557 has a CVSS v3.1 base score of 6.4 (MEDIUM). The EPSS exploitation probability is 0.14%.
What are the technical details?
Original Advisory
### Summary

A Server-Side Request Forgery (SSRF) vulnerability exists in the Mautic Focus component (`MauticFocusBundle`). Under certain conditions, insufficiency in validating user-supplied URLs allows authenticated users to trigger outbound HTTP requests from the hosting server.

### Impact

An authenticated user with access to the Mautic panel can exploit this vulnerability to perform internal port probing or force the server to initiate requests to external or arbitrary internal destinations. This can enable internal network reconnaissance or mapping of firewalled infrastructure.

### Patched Versions

This security issue has been fixed in the following releases:

* **7.1.2**
* **6.0.9**
* **5.2.11**
* **4.4.20** [ELTS](https://mautic.org/extended-long-term-support-elts/)

Mautic strongly recommends upgrading to the latest version corresponding to your release branch.

### Workarounds

There are no official workarounds. To completely mitigate the exposure without upgrading, disabling or limiting external network access from the Mautic web server to internal-only subnets/local hosts is recommended.
Exploitation Scenario
An attacker who has obtained low-privilege authenticated access to a Mautic instance (e.g., via credential stuffing, a phished marketing team member, or a purchased low-priv account) configures a Focus popup/notification and supplies an attacker-controlled or internal URL in a field the Focus component fetches server-side. Mautic's backend issues the outbound request on the attacker's behalf, letting them enumerate open ports, probe internal-only admin interfaces, or query the cloud metadata service for temporary credentials — all while the traffic appears to originate from a trusted, already-authorized host. No AI system is involved; this is a classic SSRF-to-internal-recon chain against a MarTech application.
Weaknesses (CWE)
CWE-918 — Server-Side Request Forgery (SSRF): The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Source: MITRE CWE corpus.
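CWE-918 comes down to a missing destination check before the server-side fetch. The block below is an added illustration of that check written for this page; it is not Mautic's code and not its fix. It rejects non-HTTP schemes, embedded credentials and unusual ports, resolves the hostname, and refuses the fetch if any resolved address is private, loopback, link-local (including the metadata range), or otherwise non-public. The resolver is injectable, and `FAKE_DNS` is a constructed table so the example runs offline.

```python
"""Destination validation for a user-supplied URL before a server-side fetch (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Constructed DNS answers for the offline demonstration (not real records).
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],  # mixed public/private answers
}


def fake_resolve(host):
    """Offline stand-in for DNS; returns every answer for the name."""
    return FAKE_DNS.get(host, [])


def system_resolve(host):
    """Real resolver: every A/AAAA answer, since any one of them may be used to connect."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip):
    """True only for addresses routable on the public Internet."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.5 as 10.0.0.5
    blocked = (ip.is_private or ip.is_loopback or ip.is_link_local
               or ip.is_multicast or ip.is_reserved or ip.is_unspecified)
    return not blocked and ip.is_global


def validate_fetch_target(url, resolve=system_resolve):
    """Return (ok, reason). ok is True only when scheme, port and every
    resolved address pass the allow-list checks."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL or port"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    try:
        addresses = [ipaddress.ip_address(host)]  # IP literal, including bracketed IPv6
    except ValueError:
        try:
            answers = resolve(host)
        except OSError:
            return False, "name resolution failed"
        if not answers:
            return False, "host did not resolve"
        addresses = [ipaddress.ip_address(a) for a in answers]
    for ip in addresses:
        if not is_public_address(ip):
            return False, f"non-public address: {ip}"
    # The caller should connect to one of `addresses` rather than re-resolving
    # the name, so a later DNS answer cannot swap in an internal address.
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://example.com/page", "http://169.254.169.254/latest/meta-data/",
                      "http://rebind.example/", "http://[::ffff:10.0.0.5]/"):
        print(candidate, validate_fetch_target(candidate, resolve=fake_resolve))
```

Two design points matter more than the individual checks. First, every resolved address is tested, not just the first, because a name that returns one public and one private record would otherwise pass. Second, the validation result is only meaningful if the HTTP client then connects to the address that was validated; a client that re-resolves the name at connect time reopens the window the check was meant to close.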
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Related Vulnerabilities
- CVE-2024-13152 (10.0): Mobuy Panel: SQLi allows unauthenticated DB takeover (same package: panel)
- CVE-2026-47744 (9.9): Shopper: RBAC bypass allows full admin takeover (same package: panel)
- CVE-2024-13147 (9.8): B2B Login Panel: SQLi enables unauthenticated DB access (same package: panel)
- CVE-2024-5960 (9.8): Panel: plaintext credential storage enables domain compromise (same package: panel)
- CVE-2025-14014 (9.8): Smart Panel: unauthenticated file upload enables RCE (same package: panel)