All 5 CVE vulnerabilities found in mailpit, with AI-generated Chinese analysis, references, and POCs.
Vendor: axllent
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27808 | Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API CWE-918 | 5.8 | Medium | 2026-02-25 |
| CVE-2026-23845 | Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API CWE-918 | 5.8 | Medium | 2026-01-19 |
| CVE-2026-23829 | Mailpit has SMTP Header Injection via Regex Bypass CWE-93 | 5.3 | Medium | 2026-01-18 |
| CVE-2026-22689 | Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails CWE-1385 | 6.5 | Medium | 2026-01-10 |
| CVE-2026-21859 | Mailpit Proxy Endpoint is Vulnerable to Server-Side Request Forgery (SSRF) CWE-918 | 5.8 | Medium | 2026-01-07 |
All 5 known CVE vulnerabilities affecting mailpit with full Chinese analysis, references, and POCs where available.