CVE-2026-39971
CVE-2026-39971 affects Serendipity (PHP weblog). In versions 2.6-beta2 and earlier, include/functions.inc.php embeds the HTTP_HOST value into the SMTP Message-ID header without validation, and serendipity_isResponseClean() is not applied to HTTP_HOST before embedding. An attacker who can control ...