CVE-2026-40992

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...

PT-2020-15476 · Jenkins · Jenkins Mailer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mailer Plugin versions 1.32 and earlier Description: The issue is related to the lack of hostname validation when connecting to the configured SMTP server. This could be exploited using a man-in-the-middle attack to intercept...