PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15191 mettle CVE debrief

A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The vulnerability has a CVSS score of 2.1 and is considered low severity. Users should be aware of this vulnerability and take necessary precautions.

Vendor
mettle
Product
sendportal
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-14
Advisory published
2026-07-09
Advisory updated
2026-07-14

Who should care

Users of mettle sendportal up to 3.0.1 should be aware of this vulnerability and take necessary precautions. This includes administrators, security teams, and operators who manage or use the affected product. They should review the vulnerability details, assess their exposure, and plan for remediation or mitigation as needed.

Technical summary

The vulnerability is located in the Campaign Creation Endpoint of mettle sendportal up to 3.0.1, specifically in the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php. An attacker can exploit this vulnerability to bypass authorization, potentially leading to unauthorized access or modifications. The vulnerability has a CVSS score of 2.1, indicating low severity. Users should verify affected versions of mettle sendportal, review vendor guidance when available, and monitor for suspicious activity related to mettle sendportal up to 3.0.1. Evidence is limited to CVE and NVD details, and defenders should take necessary precautions and plan for remediation or mitigation as needed. The project was informed of the problem early through an issue report but has not responded yet.

Defensive priority

Low priority due to CVSS score of 2.1, but users should still take necessary precautions and plan for remediation.

Recommended defensive actions

  • Inventory and verify affected versions of mettle sendportal
  • Apply vendor remediation when available
  • Monitor for suspicious activity
  • Implement compensating controls
  • Exception tracking and retest
  • Review and verify affected scope and severity
  • Track exceptions and retest remediated assets

Evidence notes

The project was informed of the problem early through an issue report but has not responded yet. The exploit has been published and may be used. Evidence is limited to CVE and NVD details. Defenders should verify affected versions, review vendor guidance when available, and monitor for suspicious activity related to mettle sendportal up to 3.0.1.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T17:16:57.620Z and has not been modified since then.