11 matches found
SUSE CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
FreeBSD : mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API (fe6209a3-126c-11f1-8a62-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fe6209a3-126c-11f1-8a62-0897988a1c07 advisory. Mailpit author reports: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
GO-2026-4558 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit
Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API in github.com/axllent/mailpit...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...
EUVD-2026-8775
Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
PT-2026-22057
Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.29.2 Description Mailpit is an email testing tool and API for developers. A Server-Side Request Forgery SSRF issue exists in the Link Check API. This allows unauthenticated remote attackers to map internal networks...