EUVD-2026-39901

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

CVE-2026-53296

The CVE-2026-53296 entry concerns the Linux kernel mailbox subsystem, specifically the mailbox-test path where channels are freed on probe error. The underlying issue is that channels obtained prior to a probe error must be freed to prevent resource leaks and avoidance of use-after-free (UAF) bec...

EUVD-2026-39899

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

CVE-2026-53294

The CVE-2026-53294 entry concerns the Linux kernel mailbox subsystem. The issue arises in mailbox-test where the RX channel can be aliased to the TX channel if they have different MMIO, creating a special case that can lead to a double-free when freeing channels. The public descriptions indicate ...

CVE-2026-40566

FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...