116 matches found
CVE-2026-21859
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
Mailpit 代码问题漏洞
Mailpit is an email testing tool by the individual developer Ralph Slooten. A code issue vulnerability exists in Mailpit 1.28.0 and prior versions that stems from a server-side request forgery in the /proxy endpoint that allows an attacker to access internal network resources...
CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
CVE-2026-21859
Mailpit is vulnerable to Server-Side Request Forgery (SSRF) in the /proxy endpoint for versions 1.28.0 and earlier. The endpoint validates http:// and https:// but does not block internal IPs, enabling an attacker to access internal resources via crafted HTTP GET requests with minimal headers. Th...
FreeBSD : mail/mailpit -- Server-Side Request Forgery (df33c83b-eb4f-11f0-a46f-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the df33c83b-eb4f-11f0-a46f-0897988a1c07 advisory. Mailpit author reports: A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy...
EUVD-2026-1038
Mailpit Proxy Endpoint has Server-Side Request Forgery SSRF vulnerability...
Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability
Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...
GHSA-8V65-47JX-7MFR Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability
Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...
PT-2026-2106
Name of the Vulnerable Software and Affected Versions Mailpit versions 1.28.0 and below Description Mailpit is an email testing tool and API for developers. A Server-Side Request Forgery SSRF exists in the /proxy endpoint, allowing attackers to make requests to internal network resources. The...
FreeBSD : Mailpit -- Performance information disclosure (0b5145e9-a500-11f0-a136-10ffe07f9334)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b5145e9-a500-11f0-a136-10ffe07f9334 advisory. Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime...
Mailpit -- Content Security Policy XSS
Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to Mailpit to bypass the Content Security Policy headers using a series of crafted HTML messages which could result in a stored XSS attack via the web UI...
FreeBSD : Mailpit -- Content Security Policy XSS (3e917407-4b3f-11ef-8e49-001999f8d30b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3e917407-4b3f-11ef-8e49-001999f8d30b advisory. Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to...
Mailpit affected by vulnerability in included go markdown module
Mailpit author reports: Update Go modules to address CVE-2023-42821 go markdown module DoS...
FreeBSD : Mailpit affected by vulnerability in included go markdown module (732282a5-5a10-11ee-bca0-001999f8d30b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 732282a5-5a10-11ee-bca0-001999f8d30b advisory. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as...