CVE-2026-44400

HIGH 8.1

MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the WebMail login endpoint using the PersistentLogin parameter and replay it against the WebAdmin portal to perform highly privileged administrative actions.

CWE	CWE-639
Vendor	mailenable
Product	mailenable enterprise premium
Published	May 8, 2026

Stay Ahead of the Next One

Get instant alerts for mailenable mailenable enterprise premium

Be the first to know when new high vulnerabilities affecting mailenable mailenable enterprise premium are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

MailEnable / MailEnable Enterprise Premium

0 < 10.55

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mailenable.com: https://www.mailenable.com/Premium-ReleaseNotes.txt vulncheck.com: https://www.vulncheck.com/advisories/mailenable-enterprise-premium-authorization-bypass-via-webadmin

Credits

dninh of SACOMBANK