PT-2026-41968

Summary The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value 0 ⇒ "no limit". The same applies to the HTTP /api/v1/send endpoint, whose request body is...

FreeBSD : mail/mailpit -- Cross-Site WebSocket Hijacking (d822839e-ee4f-11f0-b53e-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d822839e-ee4f-11f0-b53e-0897988a1c07 advisory. Mailpit author reports: The Mailpit WebSocket server is configured to accept connections from any origi...