CVE-2026-27808
- EPSS 0.09%
- Published 25.02.2026 23:51:20
- Last modified 28.02.2026 01:00:17
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in a...
CVE-2026-23845
- EPSS 0.06%
- Published 19.01.2026 19:16:04
- Last modified 05.02.2026 18:35:31
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML...
CVE-2026-23829
- EPSS 0.02%
- Published 18.01.2026 23:23:04
- Last modified 23.02.2026 17:29:31
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can ...
CVE-2026-22689
- EPSS 0.01%
- Published 10.01.2026 05:46:13
- Last modified 18.02.2026 17:45:58
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSW...
CVE-2026-21859
- EPSS 1.13%
- Published 07.01.2026 23:24:07
- Last modified 02.02.2026 19:16:52
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint ...