CNNVD-202601-3003 Information
CNNVD ID
CNNVD-202601-3003
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
Mailpit是Ralph Slooten个人开发者的一个电子邮件测试工具。 Mailpit 1.28.3之前版本存在代码问题漏洞,该漏洞源于HTML Check功能中的inlineRemoteCSS函数可下载外部CSS文件,可能导致服务端请求伪造攻击。
Description (English)
Mailpit is an e-mail test tool for Ralph Slooten’s personal developer. The previous version of Mailpit 1.2.8.3 had a code problem loophole, which stemmed from the inline RemoteCS function in the HTML Check function, which could download external CSS files, and could lead to the service requesting a false attack.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j https://github.com/axllent/mailpit/commit/1679a0aba592ebc8487a996d37fea8318c984dfe https://github.com/axllent/mailpit/releases/tag/v1.28.3 https://access.redhat.com/security/cve/cve-2026-23845
Patch
https://github.com/axllent/mailpit/releases
Share on: