FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mail/mailpit -- multiple vulnerabilities

Affected packages
mailpit < 1.28.3

Details

VuXML ID 01f34a27-f560-11f0-bbdc-10ffe07f9334
Discovery 2026-01-18
Entry 2026-01-19

Mailpit author reports:

Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection (GHSA-54wq-72mp-cq7c)

Prevent Server-Side Request Forgery (SSRF) via HTML Check API (GHSA-6jxm-fv7w-rw5j)

[source]

References

CVE Name CVE-2026-23829
CVE Name CVE-2026-23845
URL https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c
URL https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.