Canarymail

canarymail

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Canary Mail

canary_mail

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-65318 1Canarymail 1Canary Mail Dec 31, 2025 Dec 16, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms o...Show more When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.Show less
CVE-2021-26911 2Canarymail Libmailcore 2Canary Mail Mailcore2 Nov 21, 2024 Feb 17, 2021 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-65318

1Canarymail

1Canary Mail

Dec 31, 2025

Dec 16, 2025

N/A· v4

9.1 CRITICAL· v3

N/A· v2

When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms o...Show more

CVE-2021-26911

2Canarymail

Libmailcore

2Canary Mail

Mailcore2

Nov 21, 2024

Feb 17, 2021

N/A· v4

7.4 HIGH· v3

5.8 MEDIUM· v2

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.