Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-23829 PoC — Mailpit 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-23829.yaml
Associated Vulnerability
Title:Mailpit 安全漏洞 (CVE-2026-23829)
Description:Mailpit是Ralph Slooten个人开发者的一个电子邮件测试工具。 Mailpit 1.28.3之前版本存在安全漏洞,该漏洞源于验证RCPT TO和MAIL FROM地址的正则表达式不足,可能导致标头注入。
Description
Mailpit < 1.28 contains a header injection caused by insufficient regex validation of `RCPT TO` and `MAIL FROM` addresses in the SMTP server, letting attackers inject arbitrary SMTP headers, exploit requires crafted email addresses
File Snapshot

 id: CVE-2026-23829

info:
  name: Mailpit < 1.28.2 - SMTP CRLF Injection
  author: omarkurt
  severi

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.