CVE-2026-40871 – mailcow-dockerized

CVSS 7.2 IMPORTANT

“Two exposed paths in mailcow turn routine email infrastructure into a high-risk entry point.”

This patch addresses two vulnerabilities in mailcow-dockerized that significantly impact system security. CVE-2026-40872 carries a CVSS score of 9.3 (Critical severity), while CVE-2026-40871 has a CVSS score of 7.2 (High severity). Together, these issues create serious exposure across core mail services, potentially allowing attackers to disrupt operations or gain unauthorized access.

Proof-of-concept code is available for both vulnerabilities, confirming that exploitation is practical. The critical issue poses immediate risk to exposed environments, while the high-severity flaw further expands the attack surface. This update closes both vectors and strengthens the overall resilience of the mail platform.

Key Details

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
CWE Classification: CWE-20