Skip to main content

Mailaudit

5 CVEs product

Monthly

CVE-2026-6351 HIGH PATCH This Week

CRLF Injection in Openfind MailGates/MailAudit allows remote unauthenticated attackers to read arbitrary system files via HTTP header manipulation. Affects MailGates/MailAudit versions 5.0-6.0 (prior to 5.2.10.099 and 6.1.10.054 respectively). CVSS 8.7 with network vector, low complexity, and no authentication required indicates critical real-world risk. Taiwan CERT advisory published; no CISA KEV listing or public exploit code identified at time of analysis, suggesting early disclosure phase.

Code Injection Mailgates Mailaudit
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-6350 CRITICAL PATCH Act Now

Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.

Stack Overflow Buffer Overflow RCE Mailgates Mailaudit
NVD VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2024-6739 MEDIUM POC This Month

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mailaudit Mailgates
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-25849 HIGH This Week

MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mailaudit Mailgates
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-12782 CRITICAL Act Now

Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Mailaudit Mailgates
NVD
CVSS 3.1
9.8
EPSS
1.9%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

CRLF Injection in Openfind MailGates/MailAudit allows remote unauthenticated attackers to read arbitrary system files via HTTP header manipulation. Affects MailGates/MailAudit versions 5.0-6.0 (prior to 5.2.10.099 and 6.1.10.054 respectively). CVSS 8.7 with network vector, low complexity, and no authentication required indicates critical real-world risk. Taiwan CERT advisory published; no CISA KEV listing or public exploit code identified at time of analysis, suggesting early disclosure phase.

Code Injection Mailgates Mailaudit
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote unauthenticated code execution in Openfind MailGates (5.0-6.0) and MailAudit (5.0-6.0) via stack-based buffer overflow allows complete system compromise. Attackers can send crafted network requests to exploit CWE-121 buffer overflow conditions without authentication, achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Vendor patches available (MailGates 6.1.10.054, 5.2.10.099; MailAudit 6.1.10.054, 5.2.10.099). CVSS 9.3 with network attack vector (AV:N), low complexity (AC:L), and no privileges required (PR:N) creates critical exposure for internet-facing mail security appliances. EPSS data unavailable; no confirmed active exploitation or public POC identified at time of analysis.

Stack Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mailaudit Mailgates
NVD
EPSS 2% CVSS 8.8
HIGH This Week

MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mailaudit Mailgates
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Mailaudit +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy