Vulnerability Details CVE-2026-57952

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpoints with a known payload UUID from another operation to access that operation's C2 profile configuration, including encryption keys and callback parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 6.5%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-57952

