Vulnerabilities

CVE-2026-22689 - Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthe

2026-01-10 0 views admin
CVE-2026-22689 - Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthe

CVE ID : CVE-2026-22689 Published : Jan. 10, 2026, 6:15 a.m. | 1 hour, 19 minutes ago Description : Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally, establishes a WebSocket connection to the victim's Mailpit instance (default ws://localhost:8025). This allows the attacker to intercept sensitive data such as email contents, headers, and server statistics in real-time. This issue has been patched in version 1.28.2. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
MEDIUM
Published
Jan. 10, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-22689medium

More from Vulnerabilities

Report: CVE-2025-13393 - Featured Image from URL (FIFU) <= 5.3.1 - authenticated (contributor+) server-si...

Report: CVE-2025-13393 - Featured Image from URL (FIFU) <= 5.3.1 - authenticated (contributor+) server-si...

2026-01-10 0
CVE-2025-12379 - Shortcodes and extra features for Phlox theme <= 2.17.13 - authenticated (contri

CVE-2025-12379 - Shortcodes and extra features for Phlox theme <= 2.17.13 - authenticated (contri

2026-01-10 0
CVE-2026-0822 - quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow

CVE-2026-0822 - quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow

2026-01-10 0
CVE-2026-0824 - questdb ui Web Console cross site scripting

CVE-2026-0824 - questdb ui Web Console cross site scripting

2026-01-10 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views