XSS in Mailcow Mailcow-dockerized

CVE-2026-40875

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboard's "Seen successful connections" (login history) renders the client IP from login logs without HTML escaping. Bec…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (19.0th percentile) — read the EPSS interpretation.