Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0049

NIXPKGS-2026-0049
published on
Permalink CVE-2026-23845
5.8 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 2 months, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months, 2 weeks ago
  • @LeSuisse accepted 2 months, 2 weeks ago
  • @LeSuisse published on GitHub 2 months, 2 weeks ago
Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, the `inlineRemoteCSS()` function automatically downloads CSS files from external `<link rel="stylesheet" href="...">` tags to inline them for testing. Version 1.28.3 fixes the issue.

Affected products

mailpit
  • ==< 1.28.3

Matching in nixpkgs

pkgs.mailpit

Email and SMTP testing tool with API for developers

Package maintainers

Upstream advisory: https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j
Upstream patch: https://github.com/axllent/mailpit/commit/1679a0aba592ebc8487a996d37fea8318c984dfe