CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26312

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested `message/rfc822` MIME parts via IMAP or JMAP causes excessive CPU and memory consumption, potentially leading to an out-of-memory condition and server crash. The malformed structure causes the `mail-parser` crate to produce cyclical references in its parsed representation, which Stalwart then follows indefinitely. Version 0.15.5 contains a patch.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.0%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/stalwartlabs/stalwart/security/advisories/GHSA-jm95-876q-c9gw

Products affected by CVE-2026-26312

Stalw » Stalwart » Version: 0.13.0

cpe:2.3:a:stalw:stalwart:0.13.0
Stalw » Stalwart » Version: 0.13.1

cpe:2.3:a:stalw:stalwart:0.13.1
Stalw » Stalwart » Version: 0.13.2

cpe:2.3:a:stalw:stalwart:0.13.2
Stalw » Stalwart » Version: 0.13.3

cpe:2.3:a:stalw:stalwart:0.13.3
Stalw » Stalwart » Version: 0.13.4

cpe:2.3:a:stalw:stalwart:0.13.4
Stalw » Stalwart » Version: 0.14.0

cpe:2.3:a:stalw:stalwart:0.14.0
Stalw » Stalwart » Version: 0.14.1

cpe:2.3:a:stalw:stalwart:0.14.1
Stalw » Stalwart » Version: 0.15.0

cpe:2.3:a:stalw:stalwart:0.15.0
Stalw » Stalwart » Version: 0.15.1

cpe:2.3:a:stalw:stalwart:0.15.1
Stalw » Stalwart » Version: 0.15.2

cpe:2.3:a:stalw:stalwart:0.15.2
Stalw » Stalwart » Version: 0.15.3

cpe:2.3:a:stalw:stalwart:0.15.3
Stalw » Stalwart » Version: 0.15.4

cpe:2.3:a:stalw:stalwart:0.15.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26312

Products

Pricing

Contact Us