Lucene search
K
BulwarkmailWebmail

5 matches found

CVE
CVE
added 2026/04/02 7:11 p.m.21 views

CVE-2026-34834

Bulwark Webmail (self-hosted webmail client for Stalwart Mail Server) had an authentication bypass in verifyIdentity() before version 1.4.10 due to missing session cookie validation. The logic returned true when no session cookies were present, allowing unauthenticated attackers to bypass securit...

8.7CVSS5.9AI score0.00252EPSS
Web
CVE
CVE
added 2026/04/02 7:11 p.m.16 views

CVE-2026-34833

Bulwark Webmail (self-hosted for Stalwart Mail Server) exposed plaintext user passwords in the GET /api/auth/session response prior to version 1.4.10. The vulnerability allowed credentials to appear in browser logs, local caches, and network proxies. The issue is fixed in version 1.4.10. No explo...

8.7CVSS5.8AI score0.0017EPSS
Web
CVE
CVE
added 2026/04/06 8:11 p.m.16 views

CVE-2026-35389

CVE-2026-35389 affects Bulwark Webmail (self-hosted client for Stalwart Mail Server). Before version 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false), causing emails signed with self-signed or untrusted certificates to appear as having a valid...

8.7CVSS5.9AI score0.00177EPSS
CVE
CVE
added 2026/04/06 8:17 p.m.16 views

CVE-2026-35391

CVE-2026-35391 affects Bulwark Webmail (lib/admin/session.ts getClientIP) prior to version 1.4.11. The function trusts the first (leftmost) entry of the X-Forwarded-For header, which is client-controlled. This allows an attacker to forge their source IP to bypass IP-based rate limiting (facilitat...

8.7CVSS6AI score0.00136EPSS
CVE
CVE
added 2026/04/06 8:13 p.m.13 views

CVE-2026-35390

This CVE concerns Bulwark Webmail (self-hosted for Stalwart Mail Server). Before 1.4.11, the reverse proxy (proxy.ts) sent Content-Security-Policy-Report-Only instead of the enforcing Content-Security-Policy, causing XSS protections to log but not block. As a result, an attacker able to inject sc...

6.1CVSS6AI score0.00167EPSS