Lucene search
K

Mailcow < 2026-03b - Href Link Injection

🗓️ 10 Jul 2026 03:01:38Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

Mailcow pre-2026-03b permits unauthenticated parameter injection on login page via REQUEST_URI, enabling phishing.

Related
Refs
Code
id: CVE-2026-40878

info:
  name: Mailcow < 2026-03b - Href Link Injection
  author: ritikchaddha
  severity: low
  description: |
    mailcow < 2026-03b reflects raw REQUEST_URI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing.
  impact: |
    Unauthenticated parameter injection into JavaScript and href attributes on the login page. Enables phishing, open-redirect chaining, and JS logic corruption (DoS of FIDO2/WebAuthn and CSRF handlers) via backslash injection.
  remediation: |
    Upgrade to mailcow 2026-03b or later.
  reference:
    - https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-xv9r-j862-5hqf
    - https://github.com/mailcow/mailcow-dockerized
    - https://nvd.nist.gov/vuln/detail/CVE-2026-40878
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
    cvss-score: 3.1
    cve-id: CVE-2026-40878
    epss-score: 0.00805
    epss-percentile: 0.52424
  metadata:
    verified: true
    max-request: 2
    vendor: mailcow
    product: mailcow-dockerized
    shodan-query: http.favicon.hash:2146763496
    fofa-query: title="mailcow"
  tags: cve,cve2026,mailcow,link-injection

http:
  - method: GET
    path:
      - "{{BaseURL}}/?session_expired=true&redirect=http://evil.com"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "function setLang"
          - "$.post( '/?session_expired=true&amp;redirect=http://evil.com"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204f7a61683f6161032267def3b38af544bfd835199a6c0e8da752b9588f1bb385022100a7f97386d3493c6c7fb3c836a944027e8b36b6dd6375455b80f750c3f065639e:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

07 May 2026 09:12Current
6Medium risk
Vulners AI Score6
CVSS 42.1
EPSS0.00805
SSVC
17