CVE-2026-23829 | axllent mailpit up to 1.28.2 Regular Expression RCPT TO/MAIL FROM crlf injection (GHSA-54wq-72mp-cq7c)

Inserito da Angelo Barbosa | Gen 19, 2026 | CVE

A vulnerability was found in axllent mailpit up to 1.28.2 and classified as problematic. Affected is an unknown function of the component Regular Expression Handler. Executing a manipulation of the argument RCPT TO/MAIL FROM can lead to crlf injection.

This vulnerability appears as CVE-2026-23829. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-23829 | axllent mailpit up to 1.28.2 Regular Expression RCPT TO/MAIL FROM crlf injection (GHSA-54wq-72mp-cq7c)

Post correlati

CVE-2023-6695 | Beaver Themer Plugin up to 1.4.9 on WordPress Shortcode information disclosure

CVE-2025-65430 | allauth-django up to 65.12.x on Django Refresh Token

CVE-2025-5277 | alexei-led aws-mcp-server up to 1.2.x os command injection

CVE-2025-26331 | Dell Wyse Proprietary OS up to 2411 command injection (dsa-2025-107)