CNNVD-202601-2973 Information

CNNVD ID

CNNVD-202601-2973

CVE-2026-23829

  • CNNVD Published: 2026-01-19

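Description (Chinese, translated)

Mailpit is an email testing tool by the individual developer Ralph Slooten. Versions of Mailpit before 1.28.3 contain a security vulnerability caused by an insufficient regular expression for validating RCPT TO and MAIL FROM addresses, which may lead to header injection.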

Description (English)

Mailpit is an e-mail testing tool developed by the individual developer Ralph Slooten. Versions of Mailpit prior to 1.28.3 contain a security vulnerability that stems from an inadequate regular expression used to validate RCPT TO and MAIL FROM addresses, which could lead to header injection.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-01-19

Last Modified

2026-02-24

References

  • https://github.com/axllent/mailpit/releases/tag/v1.28.3
  • https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c
  • https://github.com/axllent/mailpit/commit/36cc06c125954dec6673219dafa084e13cc14534
  • https://access.redhat.com/security/cve/cve-2026-23829

Patch

https://github.com/axllent/mailpit/releases
