mailcow — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting mailcow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products: mailcow:mailcow-dockerized

CVE ID | Title | Product | CWE | CVSS | Severity | Published
CVE-2026-40878 | mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping | mailcow-dockerized | CWE-79 | 8.2 (AI) | High (AI) | 2026-04-21
CVE-2026-40875 | mailcow: dockerized vulnerable to stored XSS in user login history real_rip | mailcow-dockerized | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21
CVE-2026-40874 | mailcow: dockerized missing authorization on Forwarding Hosts delete action | mailcow-dockerized | CWE-284 | 5.4 (AI) | Medium (AI) | 2026-04-21
CVE-2026-40873 | mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames | mailcow-dockerized | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21
CVE-2026-40872 | mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field | mailcow-dockerized | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-21
CVE-2026-40871 | mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API | mailcow-dockerized | CWE-20 | 7.2 | High | 2026-04-21
CVE-2025-53909 | mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template | mailcow-dockerized | CWE-1336 | 9.1 | Critical | 2025-07-17
CVE-2025-25198 | mailcow: dockerized vulnerable to password reset poisoning | mailcow-dockerized | CWE-601 | 7.1 | High | 2025-02-12
CVE-2024-41960 | Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized | mailcow-dockerized | CWE-79 | 3.8 | Low | 2024-08-05
CVE-2024-41959 | Cross-site Scripting (XSS) via API Logs in mailcow: dockerized | mailcow-dockerized | CWE-79 | 7.6 | High | 2024-08-05
CVE-2024-41958 | Two-Factor Authentication (2FA) Bypass in mailcow: dockerized | mailcow-dockerized | CWE-697 | 6.6 | Medium | 2024-08-05
CVE-2024-31204 | mailcow Cross-site Scripting Vulnerability via Exception Handler | mailcow-dockerized | CWE-79 | 6.1 | Medium | 2024-04-04
CVE-2024-30270 | mailcow Path Traversal and Arbitrary Code Execution Vulnerability | mailcow-dockerized | CWE-22 | 6.2 | Medium | 2024-04-04
CVE-2024-24760 | Mailcow Docker Container Exposure to Local Network | mailcow-dockerized | CWE-610 | 8.8 | High | 2024-02-02
CVE-2024-23824 | mailcow ipixel flood attack leads to Denial of Service in admin page | mailcow-dockerized | CWE-400 | 4.7 | Medium | 2024-02-02
CVE-2023-49077 | mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation | mailcow-dockerized | CWE-79 | 8.3 | High | 2023-11-30
CVE-2023-34108 | Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords | mailcow-dockerized | CWE-78 | 8.8 | High | 2023-06-07
CVE-2023-26490 | mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync | mailcow-dockerized | CWE-78 | 7.3 | High | 2023-03-03
CVE-2022-39258 | mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI | mailcow-dockerized | CWE-451 | 8.1 | High | 2022-09-27
CVE-2022-31138 | OS Command Injection in mailcow | mailcow-dockerized | CWE-78 | 8.8 | High | 2022-07-11

This page lists every published CVE security advisory associated with mailcow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.