CVE-2024-27448

9.1 CRITICAL
Published: April 05, 2024 Modified: April 15, 2026
View on NVD

Description

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://gist.github.com/stypr/fe2003f00959f7e3d92ab9d5260433f8
Source: cve@mitre.org
https://github.com/Tim-Hoekstra/MailDev-2.1.0-Exploit-RCE
Source: cve@mitre.org
https://github.com/maildev/maildev/issues/467
Source: cve@mitre.org
https://github.com/maildev/maildev/releases
Source: cve@mitre.org
https://intrix.com.au/articles/exposing-major-security-flaw-in-maildev
Source: cve@mitre.org
https://gist.github.com/stypr/fe2003f00959f7e3d92ab9d5260433f8
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/Tim-Hoekstra/MailDev-2.1.0-Exploit-RCE
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/maildev/maildev/issues/467
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/maildev/maildev/releases
Source: af854a3a-2127-422b-91ae-364da2661108
https://intrix.com.au/articles/exposing-major-security-flaw-in-maildev
Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.1 / 10.0
EPSS (Exploit Probability)
10.4%
93th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-352

Related CVEs

CVE-2026-40962 4.9
CVE-2026-40505 3.3
CVE-2026-40504 9.8
CVE-2026-3299 6.4
CVE-2026-40960 8.1