CVE-2026-23845
published 2026-01-19


Priority: P3 48 | CVSS 3.1: 7.5 (high)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.40% (31.4th percentile)
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, the `inlineRemoteCSS()` function automatically downloads CSS files referenced by external `<link>` tags in the message to inline them for testing, so the Mailpit server issues HTTP requests to attacker-chosen URLs. Version 1.28.3 fixes the issue.

Affected

5 ranges

Vendor     | Product         | Version range       | Fixed in
axllent    | mailpit         | < 1.28.3            | 1.28.3
axllent    | mailpit         | < 1.29.2            | 1.29.2
github.com | axllent_mailpit | >= 0 < 1.28.3       | 1.28.3
github.com | axllent_mailpit | >= 0 < 1.29.2       | 1.29.2
github.com | axllent_mailpit | >= 1.28.3 < 1.30.0  | 1.30.0

CVSS provenance

Source | Version | Score | Severity | Vector
nvd    | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa   |         | 7.5   | HIGH     |
osv    |         | 5.3   | MEDIUM   |