Listmonk Newsletter Manager Vulnerability Affects Multi-User Access Controls
CVE-2026-34584
5.4MEDIUM
What is CVE-2026-34584?
Listmonk, a self-hosted newsletter and mailing list management tool, has a vulnerability that allows users in a multi-user setup to gain unauthorized access to mailing lists. This flaw occurs due to improperly implemented permission checks, exposing sensitive lists to untrusted users in multi-user environments. The issue has been rectified in version 6.1.0, underscoring the importance of updating to this version to maintain security.
Affected Version(s)
listmonk >= 4.1.0, < 6.1.0
