Vulnerability Description
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, the `inlineRemoteCSS()` function automatically downloads CSS files from external `<link rel="stylesheet" href="...">` tags to inline them for testing. Version 1.28.3 fixes the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axllent | Mailpit | < 1.28.3 |
Related Weaknesses (CWE)
References
- https://github.com/axllent/mailpit/commit/1679a0aba592ebc8487a996d37fea8318c984dPatch
- https://github.com/axllent/mailpit/releases/tag/v1.28.3ProductRelease Notes
- https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5jExploitVendor Advisory
FAQ
What is CVE-2026-23845?
CVE-2026-23845 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/mes...
How severe is CVE-2026-23845?
CVE-2026-23845 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23845?
Check the references section above for vendor advisories and patch information. Affected products include: Axllent Mailpit.