Canarymail: >> Canary Mail Security Vulnerabilities
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-16
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
CVSS Score
7.4
EPSS Score
0.003
Published
2021-02-17