Skip to main content

Mailgates CVE-2026-6350

| EUVDEUVD-2026-23166 CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-04-16 twcert GHSA-6v5j-prr3-phf9
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

11
Patch released
Apr 17, 2026 - 15:38 nvd
Patch available
Analysis Updated
Apr 16, 2026 - 05:31 vuln.today
v3 (patch_released)
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
6.1.10.054,5.2.10.099
Analysis Updated
Apr 16, 2026 - 03:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 16, 2026 - 03:34 vuln.today
cvss_changed
CVSS changed
Apr 16, 2026 - 03:34 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)
Analysis Generated
Apr 16, 2026 - 02:51 vuln.today
EUVD ID Assigned
Apr 16, 2026 - 02:45 euvd
EUVD-2026-23166
Analysis Generated
Apr 16, 2026 - 02:45 vuln.today
CVE Published
Apr 16, 2026 - 02:30 nvd
CRITICAL 9.3

DescriptionCVE.org

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.

AnalysisAI

Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.

Technical ContextAI

This vulnerability affects Openfind's mail security gateway products MailGates and MailAudit, which provide email filtering, auditing, and archival capabilities for enterprise deployments. The root cause is CWE-121 (Stack-based Buffer Overflow), occurring when the application fails to properly validate input length before copying data to fixed-size stack buffers. Stack-based overflows are particularly dangerous because they can overwrite return addresses and function pointers stored on the stack, enabling attackers to redirect program execution flow. The CVSS 4.0 vector indicates network-accessible exploitation (AV:N) with low attack complexity (AC:L) and no attack requirements (AT:N), suggesting the vulnerable code path is reachable through standard network protocols without complex preconditions. Affected CPE identifiers confirm both product lines across major version branches: cpe:2.3:a:openfind:mailgates and cpe:2.3:a:openfind:mailaudit. Mail gateway appliances typically expose SMTP, HTTP/HTTPS management interfaces, and proprietary protocols, any of which could contain the vulnerable parsing code.

RemediationAI

Immediately upgrade to patched versions: MailGates 6.1.10.054 or 5.2.10.099, MailAudit 6.1.10.054 or 5.2.10.099, as confirmed by EUVD affected version data. Consult Taiwan CERT advisories at https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html for vendor-specific upgrade procedures and patch distribution channels. If immediate patching is not feasible, implement network segmentation to restrict access to management interfaces to trusted IP ranges only, and place appliances behind web application firewalls or reverse proxies capable of input validation and rate limiting, though these are imperfect mitigations against stack overflows. Monitor for abnormal process crashes, unexpected service restarts, or connection attempts from unknown sources as potential exploitation indicators. Disable any non-essential network-facing services or protocols on the appliance to reduce attack surface. Note that WAF/proxy mitigations may impact legitimate mail processing performance and require testing; network restrictions may complicate remote administration workflows. No workaround fully addresses the underlying memory corruption issue-patching remains the only complete remediation.

Share

CVE-2026-6350 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy