2 matches found
CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API
mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...
CVE-2026-40871
CVE-2026-40871 affects the mailcow: dockerized project. Versions prior to 2026-03b are vulnerable to a second-order SQL injection in the quarantine_category field exposed via the Mailcow API, specifically at the /api/v1/add/mailbox endpoint. The input is stored without validation and later used b...