Stalwartlabs
Products
2- 3 CVEs
- 2 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35187 | Cri | 0.52 | 9.1 | 0.01 | May 16, 2024 | Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user… | ||
| CVE-2025-61600 | Hig | 0.49 | 7.5 | 0.01 | Oct 2, 2025 | Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and… | ||
| CVE-2025-59045 | Hig | 0.39 | — | 0.00 | Sep 10, 2025 | Stalwart is a mail and collaboration server. Starting in version 0.12.0 and prior to version 0.13.3, a memory exhaustion vulnerability exists in Stalwart's CalDAV implementation that allows authenticated attackers to cause denial-of-service by triggering unbounded memory… | ||
| CVE-2024-35179 | Med | 0.37 | 6.8 | 0.01 | May 15, 2024 | Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who… | ||
| CVE-2026-26312 | 0.00 | — | 0.00 | Feb 19, 2026 | Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested `message/rfc822` MIME parts via IMAP or JMAP causes excessive CPU… |
- risk 0.52cvss 9.1epss 0.01
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, attackers who achieved Arbitrary Code Execution as the stalwart-mail user (including web interface admins) can gain complete root access to the system. Usually, system services are run as a separate user…
- risk 0.49cvss 7.5epss 0.01
Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and…
- risk 0.39cvss —epss 0.00
Stalwart is a mail and collaboration server. Starting in version 0.12.0 and prior to version 0.13.3, a memory exhaustion vulnerability exists in Stalwart's CalDAV implementation that allows authenticated attackers to cause denial-of-service by triggering unbounded memory…
- risk 0.37cvss 6.8epss 0.01
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using `RUN_AS_USER`, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with `RUN_AS_USER` who…
- CVE-2026-26312Feb 19, 2026risk 0.00cvss —epss 0.00
Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested `message/rfc822` MIME parts via IMAP or JMAP causes excessive CPU…