Mailcow Mailcow-dockerized
21 CVEs affecting Mailcow Mailcow-dockerized. Latest disclosed: 2026-05-20. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-53909 | Critical | 9.1 | 2025-07-17 | mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to… |
| CVE-2024-24760 | High | 8.8 | 2024-02-02 | mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affectin… |
| CVE-2023-34108 | High | 8.8 | 2023-06-07 | mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulner… |
| CVE-2022-31138 | High | 8.8 | 2022-07-11 | mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom pa… |
| CVE-2023-49077 | High | 8.3 | 2023-11-30 | Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quaranti… |
| CVE-2022-39258 | High | 8.1 | 2022-09-27 | mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links… |
| CVE-2024-41959 | High | 7.6 | 2024-08-05 | mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. Thi… |
| CVE-2023-26490 | High | 7.3 | 2023-03-03 | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard u… |
| CVE-2026-40871 | High | 7.2 | 2026-04-21 | mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the… |
| CVE-2025-25198 | High | 7.1 | 2025-02-12 | mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionali… |
| CVE-2024-41958 | Medium | 6.6 | 2024-08-05 | mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication (2FA) mechani… |
| CVE-2024-30270 | Medium | 6.2 | 2024-04-04 | mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior t… |
| CVE-2024-31204 | Medium | 6.1 | 2024-04-04 | mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior t… |
| CVE-2024-23824 | Medium | 4.7 | 2024-02-02 | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the pa… |
| CVE-2024-41960 | Low | 3.8 | 2024-08-05 | mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts c… |
| CVE-2026-7460 | | | 2026-05-20 | mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /… |
| CVE-2026-40878 | | | 2026-04-21 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw `$_SERVER[… |
| CVE-2026-40875 | | | 2026-04-21 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboard's "Seen successful connections"… |
| CVE-2026-40874 | | | 2026-04-21 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator verification takes place when dele… |
| CVE-2026-40873 | | | 2026-04-21 | mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the Quarantine details modal injects attachment fil… |