CNNVD-202601-1739 Information

CNNVD ID

CNNVD-202601-1739

CVE-2026-22689

  • CNNVD Published: 2026-01-10

Description

Mailpit is an e-mail testing tool developed by individual developer Ralph Slooten. Versions of Mailpit prior to 1.28.2 contain a security vulnerability caused by missing Origin header validation in the WebSocket server, which could lead to cross-site WebSocket hijacking and data disclosure.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/axllent/mailpit/commit/6f1f4f34c98989fd873261018fb73830b30aec3f

https://github.com/axllent/mailpit/security/advisories/GHSA-524m-q5m7-79mm

Patch

https://github.com/axllent/mailpit/releases
