Nixpkgs security tracker

Untriaged

Permalink CVE-2026-23845

5.8 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 2 months, 4 weeks ago

Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (`/api/v1/message/{ID}/html-check`) is designed to analyze HTML emails for compatibility. During this process, the `inlineRemoteCSS()` function automatically downloads CSS files from external `<link rel="stylesheet" href="...">` tags to inline them for testing. Version 1.28.3 fixes the issue.

References

https://github.com/axllent/mailpit/security/advisories/GHSA-6jxm-fv7w-rw5j x_refsource_CONFIRM
https://github.com/axllent/mailpit/commit/1679a0aba592ebc8487a996d37fea8318c984dfe x_refsource_MISC
https://github.com/axllent/mailpit/releases/tag/v1.28.3 x_refsource_MISC

Affected products

mailpit

==< 1.28.3

Matching in nixpkgs

pkgs.mailpit

Email and SMTP testing tool with API for developers

nixos-unstable 1.26.0
- nixpkgs-unstable 1.26.0
- nixos-unstable-small 1.26.0
nixos-25.11 1.27.11
- nixpkgs-25.11-darwin 1.27.11

Package maintainers

@stephank Stéphan Kochen <nix@stephank.nl>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.mailpit

Package maintainers