CVE-2026-6351

HIGH

Openfind｜MailGates/MailAudit - CRLF Injection

Title source: cna

Description

MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.

References (2)

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 8.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-93

Status published

Products (4)

Openfind/MailAudit 5.0 - 5.2.10.099

Openfind/MailAudit 6.0 - 6.1.10.054

Openfind/MailGates 5.0 - 5.2.10.099

Openfind/MailGates 6.0 - 6.1.10.054

Published Apr 16, 2026

Tracked Since Apr 16, 2026