{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T15:24:05.841","vulnerabilities":[{"cve":{"id":"CVE-2026-27808","sourceIdentifier":"security-advisories@github.com","published":"2026-02-26T00:16:26.013","lastModified":"2026-02-28T01:00:17.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and status text per link, making this a non-blind SSRF. In the default configuration (no authentication on SMTP or API), this is fully exploitable remotely with zero user interaction. This is the same class of vulnerability that was fixed in the HTML Check API (CVE-2026-23845 / GHSA-6jxm-fv7w-rw5j) and the screenshot proxy (CVE-2026-21859 / GHSA-8v65-47jx-7mfr), but the Link Check code path was not included in either fix. Version 1.29.2 fixes this vulnerability."},{"lang":"es","value":"Mailpit es una herramienta de prueba de correo electrónico y API para desarrolladores. Antes de la versión 1.29.2, la API de verificación de enlaces (Link Check API) (/api/v1/message/{ID}/link-check) es vulnerable a la falsificación de petición del lado del servidor (SSRF). El servidor realiza peticiones HTTP HEAD a cada URL encontrada en un correo electrónico sin validar los hosts de destino ni filtrar las direcciones IP privadas/internas. La respuesta devuelve códigos de estado y texto de estado por enlace, lo que la convierte en una SSRF no ciega. En la configuración predeterminada (sin autenticación en SMTP o API), esto es totalmente explotable de forma remota con cero interacción del usuario. Esta es la misma clase de vulnerabilidad que se corrigió en la API de verificación de HTML (HTML Check API) (CVE-2026-23845 / GHSA-6jxm-fv7w-rw5j) y el proxy de captura de pantalla (CVE-2026-21859 / GHSA-8v65-47jx-7mfr), pero la ruta de código de verificación de enlaces (Link Check) no se incluyó en ninguna de las correcciones. La versión 1.29.2 corrige esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:axllent:mailpit:*:*:*:*:*:*:*:*","versionEndExcluding":"1.29.2","matchCriteriaId":"24EB3804-DA8E-43E1-82F0-0E365C797AAD"}]}]}],"references":[{"url":"https://github.com/axllent/mailpit/commit/10ad4df8cc0cd9e51dea1b4410009545eef7fbf5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/axllent/mailpit/releases/tag/v1.29.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}