Vulnerabilities

CVE-2026-23829 - Mailpit has SMTP Header Injection via Regex Bypass

2026-01-19 0 views admin

CVE ID : CVE-2026-23829 Published : Jan. 19, 2026, 12:15 a.m. | 1 hour, 23 minutes ago Description : Mailpit is an email testing tool and API for developers. Prior to version 1.28. Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude `\r` and `\n` when used inside a character class. Version 1.28.3 fixes this issue. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-23829

Severity

MEDIUM

Published

Jan. 19, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-23829medium

CVE-2026-23829 - Mailpit has SMTP Header Injection via Regex Bypass

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-1131 - Yonyou KSOA HTTP GET Parameter save_catalog.jsp sql injection

CVE-2026-1132 - Yonyou KSOA HTTP GET Parameter edit_folder.jsp sql injection

CVE-2026-1134 - itsourcecode Society Management System expenses.php cross site scripting

CVE-2026-0943 - HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a...

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3