XSS in Mailcow Mailcow-dockerized

CVE-2026-7460

mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTab…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (16.7th percentile) — read the EPSS interpretation.