XSS in Mailcow Mailcow-dockerized

CVE-2026-40878

mailcow: dockerized is an open source groupware/email suite based on Docker. In versions prior to 2026-03b, the mailcow web interface passes the raw `$_SERVER['REQUEST_URI']` to Twig as a global template variable and renders it inside a Ja…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.030 (86.7th percentile)
