Listmonk Newsletter Manager Vulnerability Affects Multi-User Access Controls
CVE-2026-34584

5.4MEDIUM

Key Information:

Vendor

Knadh

Status
Vendor
CVE Published:
2 April 2026

What is CVE-2026-34584?

Listmonk, a self-hosted newsletter and mailing list management tool, has a vulnerability that allows users in a multi-user setup to gain unauthorized access to mailing lists. This flaw occurs due to improperly implemented permission checks, exposing sensitive lists to untrusted users in multi-user environments. The issue has been rectified in version 6.1.0, underscoring the importance of updating to this version to maintain security.

Affected Version(s)

listmonk >= 4.1.0, < 6.1.0

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.