Skip to main content

Canary Mail

2 CVEs product

Monthly

CVE-2025-65318 CRITICAL POC Act Now

Protection-mechanism bypass in Canary Mail 5.1.40 and earlier on Windows lets attacker-supplied email attachments be written to disk without the Mark-of-the-Web (MOTW) NTFS tag, so files that reach a victim through the mail client are treated as trusted local content rather than internet-originated. This defeats SmartScreen, Office Protected View, and other MOTW-aware defenses in Windows and third-party software, materially easing malware delivery. Publicly available exploit code exists; the issue is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no evidence of widespread active exploitation.

Authentication Bypass Microsoft Canary Mail
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2021-26911 HIGH POC PATCH This Week

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Canary Mail Mailcore2
NVD GitHub
CVSS 3.1
7.4
EPSS
1.1%
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

Protection-mechanism bypass in Canary Mail 5.1.40 and earlier on Windows lets attacker-supplied email attachments be written to disk without the Mark-of-the-Web (MOTW) NTFS tag, so files that reach a victim through the mail client are treated as trusted local content rather than internet-originated. This defeats SmartScreen, Office Protected View, and other MOTW-aware defenses in Windows and third-party software, materially easing malware delivery. Publicly available exploit code exists; the issue is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no evidence of widespread active exploitation.

Authentication Bypass Microsoft Canary Mail
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Canary Mail Mailcore2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy