CVE-2026-15192

Source
https://cve.org/CVERecord?id=CVE-2026-15192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-15192
Published
2026-07-09T16:30:09.358Z
Modified
2026-07-15T01:49:20.416948014Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
mettle sendportal APIv1 Webhooks mailjet missing authentication
Details

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/15xxx/CVE-2026-15192.json",
    "cwe_ids": [
        "CWE-287",
        "CWE-306"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/mettle/sendportal

Affected ranges

Type
GIT
Repo
https://github.com/mettle/sendportal
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "introduced": "3.0.1"
        },
        {
            "last_affected": "3.0.1"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

3.*
3.0.0
3.0.1
v3.*
v3.0.0
v3.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15192.json"