Vulnerability Description
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude `\r` and `\n` when used inside a character class. Version 1.28.3 fixes this issue.
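The following Go example is added here to illustrate the bug class the description names; it is constructed for this page and is not Mailpit's own code or pattern. It shows a negated character class whose escapes never reach the regexp engine as CR/LF (so a CRLF-terminated extra header line passes), beside a corrected pattern and a regex-independent byte check; the sample address and injected line are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed illustration of the bug class: inside a Go raw-string (backtick)
// literal the sequence \\r reaches the regexp engine as a backslash followed
// by "r", so this negated class excludes the characters '\', 'r' and 'n',
// not carriage return and line feed. This is NOT Mailpit's actual pattern.
var flawedAddr = regexp.MustCompile(`^[^\\r\\n<>]+@[^\\r\\n<>]+$`)

// Corrected form: single backslashes let the engine see real escapes, and the
// explicit ranges cover every control byte below 0x20 plus DEL (0x7f).
var fixedAddr = regexp.MustCompile(`^[^\x00-\x1f\x7f<>]+@[^\x00-\x1f\x7f<>]+$`)

// Constructed sample: a mailbox followed by CRLF and an extra header line.
const injected = "bob@example.com\r\nBcc: eve@example.com"

// hasCtl is an independent, regex-free guard: any byte below 0x20 or equal
// to 0x7f is rejected, so a mistake in the pattern cannot let CR or LF through.
func hasCtl(addr string) bool {
	for i := 0; i < len(addr); i++ {
		if addr[i] < 0x20 || addr[i] == 0x7f {
			return true
		}
	}
	return false
}

func flawedValid(addr string) bool { return flawedAddr.MatchString(addr) }

// fixedValid applies the byte-level guard first, then the corrected pattern.
func fixedValid(addr string) bool {
	return !hasCtl(addr) && fixedAddr.MatchString(addr)
}

func main() {
	for _, a := range []string{"bob@example.com", injected} {
		fmt.Printf("%q flawed=%v fixed=%v\n", a, flawedValid(a), fixedValid(a))
	}
}
```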
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axllent | Mailpit | < 1.28.3 |
Related Weaknesses (CWE)
References
- Patch: https://github.com/axllent/mailpit/commit/36cc06c125954dec6673219dafa084e13cc145
- Product, Release Notes: https://github.com/axllent/mailpit/releases/tag/v1.28.3
- Exploit, Third Party Advisory, Mitigation: https://github.com/axllent/mailpit/security/advisories/GHSA-54wq-72mp-cq7c
FAQ
What is CVE-2026-23829?
CVE-2026-23829 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RC...
How severe is CVE-2026-23829?
CVE-2026-23829 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23829?
Check the references section above for vendor advisories and patch information. Affected products include: Axllent Mailpit.