CVE-2026-23845 - Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API

CVE ID : CVE-2026-23845 Published : Jan. 19, 2026, 7:16 p.m. | 1 hour, 6 minutes ago Description : Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, the `inlineRemoteCSS()` function automatically downloads CSS files from external `` tags to inline them for testing. Version 1.28.3 fixes the issue. Severity: 5.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...