XSS in Mailcow Mailcow-dockerized

CVE-2026-40872

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value (logged as the "user" field) without HTML escaping. By submit…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.