CVE-2026-57740 in SMTP Newsletter Plugininfo

Summary

by MITRE • 07/13/2026

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/13/2026

The Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter represents a critical access control flaw that enables unauthorized users to exploit incorrectly configured security levels within the application. This vulnerability falls under the CWE-285 category of Improper Authorization, where the system fails to properly verify that an authenticated user has sufficient privileges to perform specific operations. The affected version range from n/a through 10.11.1 indicates a widespread issue affecting multiple iterations of the newsletter management system.

The technical flaw manifests when the application does not adequately validate user permissions before executing sensitive operations related to email newsletter configuration and delivery. Attackers can exploit this weakness to bypass normal access controls and gain unauthorized access to administrative functions, potentially allowing them to modify newsletter settings, view subscriber data, or even send spam emails through the compromised system. The vulnerability stems from insufficient input validation and improper privilege checking mechanisms within the application's authentication framework.

Operationally, this vulnerability presents significant risks to organizations using AcyMailing for their email marketing campaigns. An attacker who successfully exploits this flaw could compromise the integrity of the newsletter system, leading to potential data breaches, unauthorized communication with subscribers, and damage to brand reputation. The impact extends beyond simple unauthorized access as attackers might leverage this vulnerability as a stepping stone for further exploitation within the broader network infrastructure. This issue aligns with ATT&CK technique T1078.004 for Valid Accounts and T1566.002 for Phishing with Malicious Attachments, where compromised credentials or misconfigured access controls facilitate broader attack vectors.

The security implications of this vulnerability are particularly concerning given that email newsletter systems often contain sensitive subscriber information and may be integrated with other business systems. Organizations should immediately implement mitigations including updating to patched versions of the software, reviewing and strengthening access control policies, implementing proper role-based access controls, and conducting comprehensive security audits of their email marketing infrastructure. Additionally, network segmentation and monitoring solutions should be deployed to detect unusual access patterns that might indicate exploitation attempts. Regular security assessments and vulnerability scanning should be conducted to identify similar misconfigurations across the entire IT environment while adhering to industry standards such as those outlined in NIST SP 800-53 for authorization controls and access management.

Responsible

Patchstack

Reservation

06/25/2026

Disclosure

07/13/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!