A vulnerability was found in Listmonk up to 4.1.0. It has been classified as critical. Affected is the function QuerySubscribers. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2025-46011. It is possible to launch the attack remotely. There is no exploit available.