Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege.
AnalysisAI
Remote code execution in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud allows unauthenticated network attackers to execute arbitrary code via stack-based buffer overflow when pop3wallpasswd runs with grdnwww user privileges. Canon Marketing Japan has released patches for both on-premises (versions 1.4.00-2.4.26 affected) and SaaS deployments (pre-April 30, 2026 maintenance). CVSS 9.3 indicates critical severity with network vector and no authentication required, though EPSS score of 0.14% (33rd percentile) suggests limited real-world exploitation probability at time of analysis. SSVC assessment marks this as automatable with total technical impact but no confirmed exploitation.
Technical ContextAI
This vulnerability affects Canon Marketing Japan's GUARDIANWALL email security products, identified by CPE strings cpe:2.3:a:canon_marketing_japan_inc.:guardianwall_mailsuite_(on-premises_version) and the SaaS variant. The root cause is CWE-121 (stack-based buffer overflow), a memory safety issue where unbounded data written to a fixed-size stack buffer overwrites adjacent memory. The vulnerability surfaces in the pop3wallpasswd component when processing web service requests, allowing attackers to inject shellcode into stack memory and redirect execution flow. Stack overflows remain exploitable in applications written in memory-unsafe languages (likely C/C++ given the product's email gateway nature) without modern protections like stack canaries, ASLR, or DEP. The affected component runs with grdnwww user privileges, limiting post-exploitation access compared to root-level compromise but still enabling email interception, data exfiltration, and lateral movement within mail infrastructure.
RemediationAI
For on-premises GUARDIANWALL MailSuite deployments running versions 1.4.00 through 2.4.26, upgrade to version 2.4.27 or later per Canon's security advisory at https://security-support.canon-its.jp/info_and_news/show/804?site_domain=GUARDIANWALL. For GUARDIANWALL Mail Security Cloud SaaS customers, Canon applied the fix during scheduled maintenance on April 30, 2026 - verify with Canon support that your tenant received the update. If immediate patching is not feasible, implement network segmentation to restrict access to the product's web service interface to trusted management networks only, blocking external Internet access to administrative ports. Disable the pop3wallpasswd service if POP3 password management functionality is not required for business operations, though this may break POP3 authentication workflows. Deploy a web application firewall (WAF) with rules to detect and block requests containing abnormally long parameters or buffer overflow signatures targeting the vulnerable endpoint, understanding that sophisticated attackers may bypass signature-based detection. Monitor for unusual outbound connections from the grdnwww user process and unexpected privilege escalation attempts. These compensating controls reduce attack surface but do not eliminate the underlying memory corruption vulnerability - prioritize vendor patching.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29911
GHSA-hrhg-9hfh-hwhj