Mailpit < 1.28.2 - SMTP CRLF Injection
Mailpit 1.28 contains a header injection caused by insufficient regex validation of RCPT TO and MAIL FROM addresses in the SMTP server, letting attackers inject arbitrary SMTP headers, exploit requires crafted email addresses id: CVE-2026-23829 info: name: Mailpit 1.28.2 - SMTP CRLF Injection...