VYPR

Canary Mail

by Canary Mail

CVEs (2)

  • CVE-2025-65318Dec 16, 2025
    risk 0.00cvss epss 0.00

    When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.

  • CVE-2021-26911HigFeb 17, 2021
    risk 0.00cvss 7.4epss 0.01

    core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.