Vulnerability in Swoosh

CVE-2026-54893

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path (/users/{from}/sendMail) without percent-encoding…

Affected products

  • Swoosh — versions 1.12.0, 23bfcdab71aee4613858ba6d116bb3311b72aa58

Weakness classification (CWE)

References