CVE-2026-55187
Mailpit contains an SSRF protection gap in Link Check API prior to v1.30.2. The internal IsInternalIP deny-list only blocks common IPv4 private/local addresses and CGNAT, and does not recognize several IPv6 forms that embed IPv4 destinations or IPv6 prefixes outside standard private ranges. Bypas...