2 matches found
CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)
Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...
Mailpit 安全漏洞
Mailpit is an email testing tool developed by Ralph Slooten personally. Versions of Mailpit prior to 1.29.2 contained security vulnerabilities. These vulnerabilities stemmed from the link-checking API’s execution of HTTP HEAD requests for each URL found in emails. During these requests, the targe...