๐Ÿ” CVE Alert

CVE-2026-55187

MEDIUM 5.8

Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)

CVSS Score
5.8
EPSS Score
0.3%
EPSS Percentile
20th

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms or prefixes such as NAT64, 6to4, IPv4-compatible IPv6, ISATAP, fec0::/10, and 2001:db8::/32. An attacker who can deliver email and invoke POST /api/v1/message/{ID}/link-check can coerce the Link Check API's safeDialContext path into dialing internal destinations and can use status-code and error feedback to map internal service reachability, including cloud metadata endpoints. This issue is fixed in version 1.30.2.

CWE CWE-918
Vendor axllent
Product mailpit
Published Jul 10, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for axllent mailpit

Be the first to know when new medium vulnerabilities affecting axllent mailpit are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Affected Versions

axllent / mailpit
< 1.30.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/axllent/mailpit/security/advisories/GHSA-w4mc-hhc6-xp28 github.com: https://github.com/axllent/mailpit/commit/a88dadbbe1df016a35a445089ef2a362a6c2de78 github.com: https://github.com/axllent/mailpit/releases/tag/v1.30.2