Haraka
by Haraka
npm: haraka
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34752 | Hig | 0.49 | 7.5 | 0.00 | Apr 2, 2026 | Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4. | ||
| CVE-2016-1000282 | 0.08 | — | 0.13 | Feb 5, 2019 | Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. |
- risk 0.49cvss 7.5epss 0.00
Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.
- CVE-2016-1000282Feb 5, 2019risk 0.08cvss —epss 0.13
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.