What the vulnerability does
01 Description
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: from n/a through <= 1.7.18.
Explanation of Vulnerability in Simple Terms
02 Summary
MailerLite versions up to 1.7.18 lack proper authorization checks, allowing authenticated users to degrade service availability. An attacker with low-privilege access can trigger a denial-of-service condition affecting the application's availability. The vulnerability requires valid credentials but no special user interaction.
What an attacker can do
03 Attacker Capabilities
Degrade or disrupt MailerLite service availability by exploiting missing authorization controls.
Potential impact on your site
04 Site Impact
Legitimate users may experience service disruptions or unavailability if an attacker exploits this flaw.
Conditions required to exploit
05 Prerequisites
Attacker must have a valid MailerLite account with low-level privileges; no user interaction required.
Key dates
06 Disclosure timeline
February 19, 2026: CVE published
April 28, 2026: Record updated