High severity7.5NVD Advisory· Published May 18, 2026· Updated May 19, 2026
CVE-2026-29962
CVE-2026-29962
Description
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- cpe:2.3:a:hsclabs:mailinspector:5.3.3-7:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
2- github.com/sql3t0/cve-disclosures/blob/main/01_-_CVE-2026-29962_LFI%2BPath_Traversal.mdnvdThird Party Advisory
- hsclabs.com/pt-br/mailinspectornvdProduct
News mentions
0No linked articles in our index yet.