VYPR
High severity7.5NVD Advisory· Published Apr 2, 2026· Updated Apr 9, 2026

CVE-2026-34833

CVE-2026-34833

Description

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously included the user's plaintext password in the JSON response. This exposed credentials to browser logs, local caches, and network proxie. This issue has been patched in version 1.4.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:bulwarkmail:webmail:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:bulwarkmail:webmail:*:*:*:*:*:*:*:*range: <1.4.10
    • (no CPE)range: <1.4.10

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.