5 matches found
CVE-2026-34834
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...
CVE-2026-34834 Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...
CVE-2026-34834
Bulwark Webmail (self-hosted webmail client for Stalwart Mail Server) had an authentication bypass in verifyIdentity() before version 1.4.10 due to missing session cookie validation. The logic returned true when no session cookies were present, allowing unauthenticated attackers to bypass securit...
EUVD-2026-18531
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...
Bulwark Webmail Authorization Issue Vulnerability
Bulwark Webmail is an open-source hosted webmail client developed by Bulwark Mail. Versions of Bulwark Webmail prior to 1.4.10 had an authorization vulnerability. This vulnerability stemmed from a logical issue in the verifyIdentity function, which returned true when no session cookie was present...