CRITICAL: CVE-2026-32519 (CVSS 9) — multiple products

CVE: CVE-2026-32519

CVSS: 9 (3.1) — CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: CRITICAL

Status: Critical advisory

Affected

_See vendor advisory_

Summary

Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation.This issue affects Bit SMTP: from n/a through <= 1.2.2.

Verified Sources

NVD entry
GitHub Advisory
MITRE

References

https://patchstack.com/database/Wordpress/Plugin/bit-smtp/vulnerability/wordpress-bit-smtp-plugin-1-2-2-broken-authentication-vulnerability?_s_id=cve

_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._

Lyrie Verdict

A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.

#critical

Validated sources

[1]NVD
[2]GitHub Advisory
[3]MITRE