Skip to main content

Lettermint

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-27492 npm MEDIUM PATCH This Month

Email content leakage in Lettermint Node.js SDK versions 1.5.0 and below allows local authenticated users to intercept sensitive email data when a single client instance sends multiple messages, as email properties are not properly cleared between sends. Applications using transactional email flows with reused client instances risk exposing recipient addresses and message content to unintended parties. The vulnerability has been patched in version 1.5.1.

Node.js Lettermint
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-27492 npm
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Email content leakage in Lettermint Node.js SDK versions 1.5.0 and below allows local authenticated users to intercept sensitive email data when a single client instance sends multiple messages, as email properties are not properly cleared between sends. Applications using transactional email flows with reused client instances risk exposing recipient addresses and message content to unintended parties. The vulnerability has been patched in version 1.5.1.

Node.js Lettermint
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy