120 matches found
CVE-2026-22689 Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails
Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicio...
Mailpit 安全漏洞
Mailpit is an email testing tool from the individual developer Ralph Slooten. A security vulnerability exists in Mailpit versions prior to 1.28.2, which stems from a lack of Origin header validation in the WebSocket server and could lead to cross-site WebSocket hijacking and data leakage...
PT-2026-2243
Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.28.2 Description Mailpit, an email testing tool and API for developers, contains a Cross-Site WebSocket Hijacking CSWSH issue in its WebSocket server. The server, in versions prior to 1.28.2, does not validate the...
CVE-2026-21859
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
CVE-2026-21859
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
Mailpit 代码问题漏洞
Mailpit is an email testing tool by the individual developer Ralph Slooten. A code issue vulnerability exists in Mailpit 1.28.0 and prior versions that stems from a server-side request forgery in the /proxy endpoint that allows an attacker to access internal network resources...
CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
CVE-2026-21859
Mailpit is vulnerable to Server-Side Request Forgery (SSRF) in the /proxy endpoint for versions 1.28.0 and earlier. The endpoint validates http:// and https:// but does not block internal IPs, enabling an attacker to access internal resources via crafted HTTP GET requests with minimal headers. Th...
CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
CVE-2026-21859 Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF)
Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery SSRF vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it do...
FreeBSD : mail/mailpit -- Server-Side Request Forgery (df33c83b-eb4f-11f0-a46f-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the df33c83b-eb4f-11f0-a46f-0897988a1c07 advisory. Mailpit author reports: A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy...
GHSA-8V65-47JX-7MFR Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability
Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...
EUVD-2026-1038
Mailpit Proxy Endpoint has Server-Side Request Forgery SSRF vulnerability...
Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability
Summary A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Description The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it doe...
PT-2026-2106
Name of the Vulnerable Software and Affected Versions Mailpit versions 1.28.0 and below Description Mailpit is an email testing tool and API for developers. A Server-Side Request Forgery SSRF exists in the /proxy endpoint, allowing attackers to make requests to internal network resources. The...
FreeBSD : Mailpit -- Performance information disclosure (0b5145e9-a500-11f0-a136-10ffe07f9334)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b5145e9-a500-11f0-a136-10ffe07f9334 advisory. Ralph Slooten Mailpit developer reports: An HTTP endpoint was found which exposed expvar runtime...
Mailpit -- Content Security Policy XSS
Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to Mailpit to bypass the Content Security Policy headers using a series of crafted HTML messages which could result in a stored XSS attack via the web UI...
FreeBSD : Mailpit -- Content Security Policy XSS (3e917407-4b3f-11ef-8e49-001999f8d30b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3e917407-4b3f-11ef-8e49-001999f8d30b advisory. Mailpit developer reports: A vulnerability was discovered which allowed a bad actor with SMTP access to...
Mailpit affected by vulnerability in included go markdown module
Mailpit author reports: Update Go modules to address CVE-2023-42821 go markdown module DoS...
FreeBSD : Mailpit affected by vulnerability in included go markdown module (732282a5-5a10-11ee-bca0-001999f8d30b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 732282a5-5a10-11ee-bca0-001999f8d30b advisory. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as...