2 matches found
CVE-2026-21859
Mailpit is vulnerable to Server-Side Request Forgery (SSRF) in the /proxy endpoint for versions 1.28.0 and earlier. The endpoint validates http:// and https:// but does not block internal IPs, enabling an attacker to access internal resources via crafted HTTP GET requests with minimal headers. Th...
CVE-2026-21859
creationtimestamp| type| source ---|---|--- 2026-01-06 02:23:06+00:00| published-proof-of-concept| https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr 2026-01-08 03:19:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbuzjxd2f22m 2026-01-21 11:41:46+00:00|...