MEDIUM🇬🇧 English

CVE-2026-23845

CVSS 5.8v3.1pub. 2026-01-19upd. 2026-02-05

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, the `inlineRemoteCSS()` function automatically downloads CSS files from external `<link rel="stylesheet" href="...">` tags to inline them for testing. Version 1.28.3 fixes the issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • Axllent Mailpit

    APP
    Axllent
    < 1.28.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRF
CWE
Referencje

Powiązane podatności

CVE-2026-27808MEDIUM5.8ten sam produkt

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/...

CVE-2026-23829MEDIUM5.3ten sam produkt

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vul...

CVE-2026-22689MEDIUM6.5ten sam produkt

Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server...

CVE-2026-21859MEDIUM5.8ten sam produkt

Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request ...

CVE-2026-23845 — MEDIUM 5.8 | CVEbaza.pl