CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this flaw to access arbitrary files on the underlying operating system, resulting in unauthorized disclosure of sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/sql3t0/cve-disclosures
https://github.com/sql3t0/cve-disclosures/blob/main/02_-_CVE-2026-29963_LFI%2BPath_Traversal.md
https://hsclabs.com/pt-br/mailinspector/

Products affected by CVE-2026-29963

Hsclabs » Mailinspector » Version: 5.3.3-7

cpe:2.3:a:hsclabs:mailinspector:5.3.3-7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-29963

Products

Pricing

Contact Us