XSS in Mailcow Mailcow-dockerized

CVE-2026-40873

mailcow: dockerized is an open source groupware/email suite based on Docker. In versions prior to 2026-03b, the Quarantine details modal injects attachment filenames into HTML without escaping, allowing arbitrary HTML/JS execution. An atta…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (29.2th percentile)

Affected products

Weakness classification (CWE)

References