6 matches found
Server-Side Request Forgery (SSRF)
github.com/axllent/mailpit is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the HTML Check feature automatically downloading remote CSS resources without proper validation, which allows an attacker to embed malicious stylesheet links in emails and trigger unauthorize...
EUVD-2026-3296
Mailpit has a Server-Side Request Forgery SSRF via HTML Check API...
GHSA-6JXM-FV7W-RW5J Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API
Server-Side Request Forgery SSRF via HTML Check CSS Download The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the inlineRemoteCSS function automatically downloads CSS files from external tags to inline them for testing...
CVE-2026-23845
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery SSRF via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...
CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery SSRF via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...
CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery SSRF via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...