PatchSiren cyber security CVE debrief
CVE-2026-57740 AcyMailing Newsletter Team CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:40.340Z and has not been modified since then. A Missing Authorization vulnerability in AcyMailing SMTP Newsletter plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1. The vulnerability has a HIGH CVSS score of 7.1, indicating a High priority for users of the plugin.
- Vendor
- AcyMailing Newsletter Team
- Product
- AcyMailing SMTP Newsletter
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of AcyMailing SMTP Newsletter plugin versions up to 10.11.1 should verify their installation and update to a patched version if available. This includes administrators and security teams responsible for maintaining the plugin. The vulnerability has a HIGH CVSS score of 7.1, indicating a High priority for users of the plugin.
Technical summary
A Missing Authorization vulnerability in AcyMailing SMTP Newsletter plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1. The vulnerability has a HIGH CVSS score of 7.1. Users of AcyMailing SMTP Newsletter plugin versions up to 10.11.1 should verify their installation and update to a patched version if available.
Defensive priority
High priority due to HIGH CVSS score of 7.1 and potential impact on access control security levels.
Recommended defensive actions
- Verify AcyMailing SMTP Newsletter plugin version and update to a patched version if available
- Review access control configurations for the plugin
- Monitor for suspicious activity related to the plugin
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
Evidence is limited; primary official records indicate a Missing Authorization vulnerability in AcyMailing SMTP Newsletter plugin. Further verification is recommended. The CVE record was published on 2026-07-13T10:16:40.340Z and has not been modified since then. The vulnerability affects AcyMailing SMTP Newsletter plugin versions up to 10.11.1. Users should verify their installation and update to a patched version if available.
Official resources
-
CVE-2026-57740 CVE record
CVE.org
-
CVE-2026-57740 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:40.340Z and has not been modified since then.