Haraka Project Haraka vulnerabilities
2 known vulnerabilities affecting haraka_project/haraka.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2016-1000282P2CRITICALCVSS 9.8≤ 2.8.82019-02-05
CVE-2016-1000282 [CRITICAL] CWE-77 CVE-2016-1000282: Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versi
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
ghsanvdosv
CVE-2026-34752P3HIGHCVSS 7.5fixed in 3.1.42026-04-02
CVE-2026-34752 [HIGH] CWE-248 CVE-2026-34752: Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a heade
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.
ghsanvdosv