CVE-2026-7460

Sažetak

mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without adequate output encoding. This issue affects mailcow-dockerized: 2026-03b.

Reference

https://fluidattacks.com/advisories/mojabi
https://github.com/mailcow/mailcow-dockerized
https://fluidattacks.com/advisories/mojabi

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

20-05-2026 - 14:23

Objavljeno

20-05-2026 - 04:16