MEDIUM
knadh
CVE published 2026-07-15
CVE-2026-62361
CVE-2026-62361 is a SQL injection vulnerability in listmonk's GET /api/subscribers/export endpoint. An authenticated user with subscribers:sql_query and subscribers:get_all permissions can inject user-controlled query parameters, enabling them to read arbitrary database tables and execute data-modifying PostgreSQL CTEs. The issue was fixed in version 6.2.0. This vulnerability has a medium severity and cou [truncated]