CVE-2026-23829

Severity: 5.3 MEDIUM (CVSS v3)
Published: January 19, 2026
Modified: February 23, 2026

Description

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to header injection because the regular expression used to validate `RCPT TO` and `MAIL FROM` addresses is insufficient. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. The injection is possible because the regex intended to filter control characters fails to exclude `\r` and `\n` when they are used inside a character class, so an address containing a line break passes validation. Version 1.28.3 fixes this issue; upgrade to 1.28.3 or later.
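The following Go program is an added example illustrating the bug class described above; it is not Mailpit's code and the patterns in it are not Mailpit's actual regex. The weak validator is a constructed "looks like user@host" check whose negated character classes never list CR or LF; in Go's regexp package a negated class matches newline by default, so an address carrying `\r\n` passes. The hardened validator lists every ASCII control byte in the class and backs the regex with a plain byte scan. The `Return-Path` header used to show where the envelope address lands is an assumption made for the example, not a description of Mailpit's storage format.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Constructed weak validator (not Mailpit's pattern): a "looks like user@host"
// check whose negated classes never mention CR or LF. Go's regexp (RE2) lets a
// negated class such as [^<>@ ] match \n and \r by default, so a line break
// survives "validation".
var weakAddrRe = regexp.MustCompile(`^[^<>@ ]+@[^<>@ ]+$`)

// Hardened pattern: the same shape, but every ASCII control byte (0x00-0x1F)
// and DEL are excluded explicitly, which covers CR, LF, TAB and NUL.
var strictAddrRe = regexp.MustCompile(`^[^<>@ \x00-\x1f\x7f]+@[^<>@ \x00-\x1f\x7f]+$`)

var errBadAddress = errors.New("invalid address")

// validateWeak accepts anything the weak pattern matches.
func validateWeak(addr string) error {
	if !weakAddrRe.MatchString(addr) {
		return errBadAddress
	}
	return nil
}

// validateStrict applies the hardened pattern and, as defence in depth, an
// explicit byte scan, so a later edit to the regex cannot silently reopen the hole.
func validateStrict(addr string) error {
	if !strictAddrRe.MatchString(addr) {
		return errBadAddress
	}
	for i := 0; i < len(addr); i++ {
		if addr[i] < 0x20 || addr[i] == 0x7f {
			return errBadAddress
		}
	}
	return nil
}

// headerBlock shows where an envelope address typically lands in a stored
// message. The Return-Path header is an assumption made for this example, not
// a statement about how Mailpit records the envelope.
func headerBlock(envelopeFrom string) string {
	return "Return-Path: <" + envelopeFrom + ">\r\n" +
		"Subject: test\r\n"
}

// countHeaders counts CRLF-terminated header lines; an injected address makes
// one envelope value produce more than one header.
func countHeaders(block string) int {
	return len(strings.Split(strings.TrimSuffix(block, "\r\n"), "\r\n"))
}

func main() {
	// Constructed attacker input: a plausible address followed by CRLF and a
	// header field. No spaces are needed, so even a space-excluding class passes it.
	evil := "attacker@example.com\r\nX-Injected:1"
	fmt.Println("weak:  ", validateWeak(evil))                                        // <nil>: accepted
	fmt.Println("strict:", validateStrict(evil))                                      // invalid address
	fmt.Println("headers from injected address:", countHeaders(headerBlock(evil)))    // 3
	fmt.Println("headers from clean address:", countHeaders(headerBlock("a@b.test"))) // 2
}
```

The byte scan in `validateStrict` is the check worth keeping even if the regex is later rewritten: a control character in an envelope address is never legitimate, and rejecting it independently of the pattern is cheaper than auditing every character class for the newline-matching default.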

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
(Network-reachable, low attack complexity, no privileges or user interaction required, scope unchanged; the only impact is a low loss of integrity, i.e. an attacker who can reach the SMTP port can add or corrupt headers in captured messages but cannot read them or deny access to them.)

References to Advisories, Solutions, and Tools

https://github.com/axllent/mailpit/releases/tag/v1.28.3
Source: security-advisories@github.com
Tags: Product, Release Notes

https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c
Source: security-advisories@github.com
Tags: Exploit, Third Party Advisory, Mitigation

3 reference(s) from NVD

Quick Stats

CVSS v3 Score: 5.3 / 10.0
EPSS (Exploit Probability): 0.9% (75th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

axllent