CVE-2026-35391
- EPSS 0.02%
- Published 06.04.2026 20:17:39
- Last modified 09.04.2026 20:59:25
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP() function in lib/admin/session.ts trusted the first (leftmost) entry of the X-Forwarded-For header, which is fully controlled by the client. A...
CVE-2026-35390
- EPSS 0.03%
- Published 06.04.2026 20:13:30
- Last modified 09.04.2026 20:49:31
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy (proxy.ts) set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site ...
CVE-2026-35389
- EPSS 0.02%
- Published 06.04.2026 20:11:56
- Last modified 09.04.2026 20:58:45
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false). Any email signed with a self-signed or untrusted certificate wa...
CVE-2026-34834
- EPSS 0.09%
- Published 02.04.2026 19:11:54
- Last modified 09.04.2026 21:14:04
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass s...
CVE-2026-34833
- EPSS 0.02%
- Published 02.04.2026 19:11:39
- Last modified 09.04.2026 21:13:42
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint included the user's plaintext password in the JSON response. This exposed credentials to browser logs, lo...