CVE-2026-40873
CVE-2026-40873 affects mailcow: dockerized. The Quarantine details modal injects attachment filenames into HTML without escaping, enabling stored XSS that can run when an admin views a quarantine item, potentially leading to account takeover. This vulnerability exists in versions prior to 2026-03...