CVE-2026-40872 – mailcow-dockerized
“Two exposed paths in mailcow turn routine email infrastructure into a high-risk entry point.”
This patch addresses two vulnerabilities in mailcow-dockerized that significantly impact system security. CVE-2026-40872 carries a CVSS score of 9.3 (Critical severity), while CVE-2026-40871 has a CVSS score of 7.2 (High severity). Together, these issues create serious exposure across core mail services, potentially allowing attackers to disrupt operations or gain unauthorized access.
Proof-of-concept code is available for both vulnerabilities, confirming that exploitation is practical. The critical issue poses immediate risk to exposed environments, while the high-severity flaw further expands the attack surface. This update closes both vectors and strengthens the overall resilience of the mail platform.
Key Details
- CWE Classification: CWE-79