CVE-2026-6351
Published 2026-04-16
CVE-2026-6351: MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read…
Priority P3 · 56 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.59% (43.8th percentile)
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openfind | mailaudit | >= 5.0 < 5.2.10.099 | 5.2.10.099 |
| openfind | mailaudit | >= 6.0 < 6.1.10.054 | 6.1.10.054 |
| openfind | mailgates | >= 5.0 < 5.2.10.099 | 5.2.10.099 |
| openfind | mailgates | >= 6.0 < 6.1.10.054 | 6.1.10.054 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | | 4.7 | MEDIUM | |
VulDB
Openfind MailGates/MailAudit prior 5.2.10.099/6.1.10.054 System File crlf injection
vuldb·2026-04-16·CVSS 8.7
CVE-2026-6351 [HIGH] Openfind MailGates/MailAudit prior 5.2.10.099/6.1.10.054 System File crlf injection
A vulnerability, which was classified as problematic, was found in Openfind MailGates and MailAudit. The impacted element is an unknown function of the component System File Handler. The manipulation results in crlf injection.
This vulnerability is known as CVE-2026-6351. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
GHSA
GHSA-mgwx-w2xc-pjq7: MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability
ghsa_unreviewed·2026-04-16
CVE-2026-6351 [HIGH] CWE-93 GHSA-mgwx-w2xc-pjq7: MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability
MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
Red Hat
kernel: bonding: annotate data-races around slave->last_rx
vendor_redhat·2026-02-18·CVSS 4.7
CVE-2026-23212 [MEDIUM] CWE-367 kernel: bonding: annotate data-races around slave->last_rx
kernel: bonding: annotate data-races around slave->last_rx
In the Linux kernel, the following vulnerability has been resolved:
bonding: annotate data-races around slave->last_rx
slave->last_rx and slave->target_last_arp_rx[...] can be read and written
locklessly. Add READ_ONCE() and WRITE_ONCE() annotations.
syzbot reported:
BUG: KCSAN: data-race in bond_rcv_validate / bond_rcv_validate
write to 0xffff888149f0d428 of 8 bytes by interrupt on cpu 1:
bond_rcv_validate+0x202/0x7a0 drivers/net/bonding/bond_main.c:3335
bond_handle_frame+0xde/0x5e0 drivers/net/bonding/bond_main.c:1533
__netif_receive_skb_core+0x5b1/0x1950 net/core/dev.c:6039
__netif_receive_skb_one_core net/core/dev.c:6150 [inline]
__netif_receive_skb+0x59/0x270 net/core/dev.c:6265
netif_receive_skb_internal net/core/dev.c:6351
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-04-16