CVE-2026-40874

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator verification takes place when deleting Forwarding Hosts with /api/v1/delete/fwdhost. Any authenticated user can call this API. Checks are only applied for edit/add actions,...

EUVD-2026-24256

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator verification takes place when deleting Forwarding Hosts with /api/v1/delete/fwdhost. Any authenticated user can call this API. Checks are only applied for edit/add actions,...

CVE-2026-40874

CVE-2026-40874 affects mailcow: dockerized. Prior to 2026-03b, there was no administrator verification for deleting Forwarding Hosts via /api/v1/delete/fwdhost, allowing any authenticated user to call the API. Deletion could significantly disrupt mail service, while checks existed only for edit/a...

CVE-1999-1580

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS Internal Field Separator variable and passing crafted values to the -oR option...