Vulnerabilities in mailcow

21 results
CVE | Severity | Title | EPSS
CVE-2024-30270 | MEDIUM | mailcow Path Traversal and Arbitrary Code Execution Vulnerability | 27.3%
CVE-2026-40871 | HIGH | mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API | 9.9%
CVE-2024-31204 | MEDIUM | mailcow Cross-site Scripting Vulnerability via Exception Handler | 8.2%
CVE-2022-31138 | HIGH | OS Command Injection in mailcow | 2.3%
CVE-2023-26490 | HIGH | mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync | 2.2%
CVE-2025-25198 | HIGH | mailcow: dockerized vulnerable to password reset poisoning | 1.1%
CVE-2024-41958 | MEDIUM | Two-Factor Authentication (2FA) Bypass in mailcow: dockerized | 1.0%
CVE-2023-34108 | HIGH | Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords | 1.0%
CVE-2024-24760 | HIGH | Mailcow Docker Container Exposure to Local Network | 0.9%
CVE-2026-40878 | LOW | mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping | 0.8%
CVE-2022-39258 | HIGH | mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI | 0.6%
CVE-2024-23824 | MEDIUM | mailcow ipixel flood attack leads to Denial of Service in admin page | 0.6%
CVE-2025-53909 | CRITICAL | mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template | 0.5%
CVE-2023-49077 | HIGH | mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation | 0.4%
CVE-2024-41959 | HIGH | Cross-site Scripting (XSS) via API Logs in mailcow: dockerized | 0.3%
CVE-2026-40873 | HIGH | mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames | 0.3%
CVE-2026-7460 | HIGH | mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped | 0.3%
CVE-2024-41960 | LOW | Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized | 0.3%
CVE-2026-40872 | CRITICAL | mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field | 0.3%
CVE-2026-40875 | HIGH | mailcow: dockerized vulnerable to stored XSS in user login history real_rip | 0.2%