High severityNVD Advisory· Published May 20, 2026· Updated May 20, 2026
CVE-2026-7460
CVE-2026-7460
Description
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without adequate output encoding.
This issue affects mailcow-dockerized: 2026-03b.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 2026-03b
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.