
mailcow-dockerized — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in mailcow-dockerized, with AI-generated Chinese analysis, references, and POCs.

Vendor: mailcow

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40878 | mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping | CWE-79 | 8.2 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40875 | mailcow: dockerized vulnerable to stored XSS in user login history real_rip | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40874 | mailcow: dockerized missing authorization on Forwarding Hosts delete action | CWE-284 | 5.4 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40873 | mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40872 | mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40871 | mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API | CWE-20 | 7.2 | High | 2026-04-21 |
| CVE-2025-53909 | mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template | CWE-1336 | 9.1 | Critical | 2025-07-17 |
| CVE-2025-25198 | mailcow: dockerized vulnerable to password reset poisoning | CWE-601 | 7.1 | High | 2025-02-12 |
| CVE-2024-41960 | Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized | CWE-79 | 3.8 | Low | 2024-08-05 |
| CVE-2024-41959 | Cross-site Scripting (XSS) via API Logs in mailcow: dockerized | CWE-79 | 7.6 | High | 2024-08-05 |
| CVE-2024-41958 | Two-Factor Authentication (2FA) Bypass in mailcow: dockerized | CWE-697 | 6.6 | Medium | 2024-08-05 |
| CVE-2024-31204 | mailcow Cross-site Scripting Vulnerability via Exception Handler | CWE-79 | 6.1 | Medium | 2024-04-04 |
| CVE-2024-30270 | mailcow Path Traversal and Arbitrary Code Execution Vulnerability | CWE-22 | 6.2 | Medium | 2024-04-04 |
| CVE-2024-24760 | Mailcow Docker Container Exposure to Local Network | CWE-610 | 8.8 | High | 2024-02-02 |
| CVE-2024-23824 | mailcow ipixel flood attack leads to Denial of Service in admin page | CWE-400 | 4.7 | Medium | 2024-02-02 |
| CVE-2023-49077 | mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation | CWE-79 | 8.3 | High | 2023-11-30 |
| CVE-2023-34108 | Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords | CWE-78 | 8.8 | High | 2023-06-07 |
| CVE-2023-26490 | mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync | CWE-78 | 7.3 | High | 2023-03-03 |
| CVE-2022-39258 | mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI | CWE-451 | 8.1 | High | 2022-09-27 |
| CVE-2022-31138 | OS Command Injection in mailcow | CWE-78 | 8.8 | High | 2022-07-11 |
