Browse all 5 CVE security advisories affecting bulwarkmail. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35391 | Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery — webmailCWE-348 | 9.1AI | CriticalAI | 2026-04-06 |
| CVE-2026-35390 | Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks — webmailCWE-79 | 5.4AI | MediumAI | 2026-04-06 |
| CVE-2026-35389 | Bulwark Webmail S/MIME signature verification accepted self-signed certificates — webmailCWE-295 | 5.3AI | MediumAI | 2026-04-06 |
| CVE-2026-34834 | Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation — webmailCWE-287 | 8.2AI | HighAI | 2026-04-02 |
| CVE-2026-34833 | Bulwark Webmail: Information Exposure: password returned in /api/auth/session — webmailCWE-312 | 7.5AI | HighAI | 2026-04-02 |
This page lists every published CVE security advisory associated with bulwarkmail. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.