CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/sql3t0/cve-disclosures
https://github.com/sql3t0/cve-disclosures/blob/main/01_-_CVE-2026-29962_LFI%2BPath_Traversal.md
https://hsclabs.com/pt-br/mailinspector

Products affected by CVE-2026-29962

Hsclabs » Mailinspector » Version: 5.3.3-7

cpe:2.3:a:hsclabs:mailinspector:5.3.3-7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29962

Products

Pricing

Contact Us