What is the CVSS score of EUVD-2026-30781?

EUVD-2026-30781 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of HSC MailInspector are affected by EUVD-2026-30781?

HSC MailInspector v5.3.3-7 contains an unauthenticated file disclosure vulnerability enabling external attackers to access sensitive files on email inspection systems without authentication.

HSC MailInspector EUVD-2026-30781

| CVE-2026-29962 HIGH

External Control of File Name or Path (CWE-73)

2026-05-18 mitre

GHSA-gx62-92q7-r437

PHP Information Disclosure Path Traversal

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

May 19, 2026 - 15:22 vuln.today

CVSS changed

May 19, 2026 - 15:22 NVD

7.5 (HIGH)

CVE Published

May 18, 2026 - 00:00 nvd

UNKNOWN (no severity yet)

DescriptionNVD

HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure.

AnalysisAI

Arbitrary file disclosure in HSC MailInspector v5.3.3-7 allows unauthenticated remote attackers to read sensitive files from the host via a path traversal flaw in the exposed /vendor/phpunit/phpunit.php endpoint. The CVSS 7.5 rating reflects high confidentiality impact with no required privileges or user interaction, though EPSS remains very low at 0.05% (15th percentile) and there is no public exploit identified at time of analysis. …

RemediationAI

Within 24 hours: Audit all HSC MailInspector v5.3.3-7 deployments and implement firewall or WAF rules to block external access to /vendor/phpunit/phpunit.php. Within 7 days: Contact HSC for interim hardening guidance and begin evaluation of alternative email security solutions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-30781 vulnerability details – vuln.today

Back

HSC MailInspector EUVD-2026-30781

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code