Nadh Listmonk vulnerabilities

6 known vulnerabilities affecting nadh/listmonk.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH: 1, MEDIUM: 5

Vulnerabilities

CVE-2025-49136 | P3 | MEDIUM | CVSS 6.5 | PoC available | affected: >= 4.0.0, < 5.0.2 | published 2025-06-09
[MEDIUM] CWE-1336: listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions, which are enabled by default in Sprig, allow capturing of environment variables on the host. While this may not be a problem on single-user (super admin) installations, on multi-user inst
Source: nvd
CVE-2026-34828 | P3 | HIGH | CVSS 7.1 | affected: >= 4.1.0, < 6.1.0 | published 2026-04-02
[HIGH] CWE-613: listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already ob
Source: nvd
CVE-2025-46011 | P3 | MEDIUM | CVSS 6.5 | affected: >= 2.4.0, < 5.0.0 | published 2025-06-04
[MEDIUM] CWE-89: Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function, which allows attackers to escalate privileges.
Source: nvd
CVE-2026-34584 | P4 | MEDIUM | CVSS 5.4 | affected: >= 4.1.0, < 6.1.0 | published 2026-04-02
[MEDIUM] CWE-639: listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allow users in a multi-user environment to access lists they do not have access to, under different scenarios. This only affects multi-user environments with untrusted users. This issue has
Source: nvd
CVE-2026-21483 | P4 | MEDIUM | CVSS 5.4 | affected: fixed in 6.0.0 | published 2026-01-02
[MEDIUM] CWE-79: listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, a lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or previews this content, the XSS executes in their browser context, allowing the a
Source: nvd
CVE-2025-58430 | P4 | MEDIUM | CVSS 6.1 | affected: <= 1.1.0 | published 2025-09-09
[MEDIUM] CWE-79: listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every HTTP request included a `nonce` in addition to the session cookie `session`. The value is not checked or validated by the backend; removing `nonce` still allows the requests to be processed correctly. This may seem harmless, but if
Source: nvd