What the vulnerability does
01Description
Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through <= 10.11.1.
Explanation of Vulnerability in Simple Terms
02Summary
AcyMailing SMTP Newsletter versions up to 10.11.1 lack proper authorization checks, allowing authenticated users to modify newsletter settings and disable the service. An attacker with low-level access can alter configurations or cause the newsletter system to become unavailable. Site administrators should update to a version newer than 10.11.1 to restore proper access controls.
What an attacker can do
03Attacker Capabilities
Modify newsletter settings or disable the newsletter service without proper authorization.
Potential impact on your site
04Site Impact
Newsletter functionality may be disrupted or misconfigured by unauthorized users with basic site access.
Conditions required to exploit
05Prerequisites
Attacker must have a low-level user account on the site; no special interaction required.
Key dates
06Disclosure timeline
July 13, 2026
CVE published