Lucene search
K

116 matches found

NVD
NVD
added 2026/01/08 12:16 a.m.11 views

CVE-2026-21859

Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...

5.8CVSS0.00755EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.6 views

Mailpit 代码问题漏洞

Mailpit is an email testing tool by the individual developer Ralph Slooten. A code issue vulnerability exists in Mailpit 1.28.0 and prior versions that stems from a server-side request forgery in the /proxy endpoint that allows an attacker to access internal network resources...

5.8CVSS6.7AI score0.00755EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/01/07 11:24 p.m.31 views

CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)

Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...

5.8CVSS0.00755EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/01/07 11:24 p.m.3 views

CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)

Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...

5.8CVSS6.4AI score0.00755EPSS
Exploits2References2
OSV
OSV
added 2026/01/07 11:24 p.m.5 views

CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)

Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...

5.8CVSS6.4AI score0.00755EPSS
Exploits2References4
CVE
CVE
added 2026/01/07 11:24 p.m.26 views

CVE-2026-21859

Mailpit is vulnerable to Server-Side Request Forgery (SSRF) in the /proxy endpoint for versions 1.28.0 and earlier. The endpoint validates http:// and https:// but does not block internal IPs, enabling an attacker to access internal resources via crafted HTTP GET requests with minimal headers. Th...

5.8CVSS6.4AI score0.00755EPSS
In wildExploits2References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.5 views

FreeBSD : mail/mailpit -- Server-Side Request Forgery (df33c83b-eb4f-11f0-a46f-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the df33c83b-eb4f-11f0-a46f-0897988a1c07 advisory. Mailpit author reports: A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy...

5.8CVSS5.9AI score0.00755EPSS
Exploits2References3
EUVD
EUVD
added 2026/01/06 5:44 p.m.6 views

EUVD-2026-1038

Mailpit Proxy Endpoint has Server-Side Request Forgery SSRF vulnerability...

6.5AI score0.00755EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/01/06 5:44 p.m.11 views

Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability

Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...

5.8CVSS6.9AI score0.00755EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2026/01/06 5:44 p.m.2 views

GHSA-8V65-47JX-7MFR Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability

Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...

5.8CVSS6.8AI score0.00755EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.6 views

PT-2026-2106

Name of the Vulnerable Software and Affected Versions Mailpit versions 1.28.0 and below Description Mailpit is an email testing tool and API for developers. A Server-Side Request Forgery SSRF exists in the /proxy endpoint, allowing attackers to make requests to internal network resources. The...

9.9CVSS6.6AI score0.01747EPSS
Exploits9References50
Tenable Nessus
Tenable Nessus
added 2025/10/10 12:0 a.m.2 views

FreeBSD : Mailpit -- Performance information disclosure (0b5145e9-a500-11f0-a136-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b5145e9-a500-11f0-a136-10ffe07f9334 advisory. Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime...

5.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2024/07/26 12:0 a.m.14 views

Mailpit -- Content Security Policy XSS

Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to Mailpit to bypass the Content Security Policy headers using a series of crafted HTML messages which could result in a stored XSS attack via the web UI...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/07/26 12:0 a.m.5 views

FreeBSD : Mailpit -- Content Security Policy XSS (3e917407-4b3f-11ef-8e49-001999f8d30b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3e917407-4b3f-11ef-8e49-001999f8d30b advisory. Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to...

5.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2023/09/23 12:0 a.m.22 views

Mailpit affected by vulnerability in included go markdown module

Mailpit author reports: Update Go modules to address CVE-2023-42821 go markdown module DoS...

7.5CVSS7AI score0.01042EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/09/23 12:0 a.m.18 views

FreeBSD : Mailpit affected by vulnerability in included go markdown module (732282a5-5a10-11ee-bca0-001999f8d30b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 732282a5-5a10-11ee-bca0-001999f8d30b advisory. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as...

7.5CVSS7.4AI score0.01042EPSS
Exploits1References2
Rows per page
Query Builder