CVE-2026-59721
Hoppscotch (open source API development ecosystem) contains a Rooted Command Execution risk before version 2026.6.0 due to the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepting an attacker-controlled MAILER_SMTP_URL. The validateSMTPUrl in utils.ts permits path, query, or f...