CNNVD-202601-1361 Information

CNNVD ID

CNNVD-202601-1361

Related CVE

CVE-2026-21859

• CNNVD Published: 2026-01-08

Description (Chinese)

Mailpit是Ralph Slooten个人开发者的一个电子邮件测试工具。 Mailpit 1.28.0及之前版本存在代码问题漏洞，该漏洞源于/proxy端点存在服务端请求伪造，允许攻击者访问内部网络资源。

Description (English)

Mailpit is an e-mail test tool for Ralph Slooten’s personal developer. There is a code gap in Mailpit 1.28.0 and earlier versions, which stems from the existence of service-end requests for forgery at the /proxy endpoint to allow the attackers access to internal network resources.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/axllent/mailpit/commit/3b9b470c093b3d20b7d751722c1c24f3eed2e19d https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr

Patch

https://github.com/axllent/mailpit/releases