PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57740 AcyMailing Newsletter Team CVE debrief

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:40.340Z and has not been modified since then. A Missing Authorization vulnerability in AcyMailing SMTP Newsletter plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1. The vulnerability has a HIGH CVSS score of 7.1, indicating a High priority for users of the plugin.

Vendor
AcyMailing Newsletter Team
Product
AcyMailing SMTP Newsletter
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of AcyMailing SMTP Newsletter plugin versions up to 10.11.1 should verify their installation and update to a patched version if available. This includes administrators and security teams responsible for maintaining the plugin. The vulnerability has a HIGH CVSS score of 7.1, indicating a High priority for users of the plugin.

Technical summary

A Missing Authorization vulnerability in AcyMailing SMTP Newsletter plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1. The vulnerability has a HIGH CVSS score of 7.1. Users of AcyMailing SMTP Newsletter plugin versions up to 10.11.1 should verify their installation and update to a patched version if available.

Defensive priority

High priority due to HIGH CVSS score of 7.1 and potential impact on access control security levels.

Recommended defensive actions

  • Verify AcyMailing SMTP Newsletter plugin version and update to a patched version if available
  • Review access control configurations for the plugin
  • Monitor for suspicious activity related to the plugin
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

Evidence is limited; primary official records indicate a Missing Authorization vulnerability in AcyMailing SMTP Newsletter plugin. Further verification is recommended. The CVE record was published on 2026-07-13T10:16:40.340Z and has not been modified since then. The vulnerability affects AcyMailing SMTP Newsletter plugin versions up to 10.11.1. Users should verify their installation and update to a patched version if available.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:40.340Z and has not been modified since then.