VYPR
Vendor

Haraka

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2026-34752HigApr 2, 2026
    risk 0.49cvss 7.5epss 0.00

    Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.

  • CVE-2016-1000282Feb 5, 2019
    risk 0.08cvss epss 0.13

    Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.