CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mailenable: >> Mailenable >> 10.44 Security Vulnerabilities

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the WebMail login endpoint using the PersistentLogin parameter and replay it against the WebAdmin portal to perform highly privileged administrative actions.

CVSS Score

8.7

EPSS Score

0.004

Published

2026-05-08

Page 1

Vulnerabilities

Vulnerable Software

Mailenable: >> Mailenable >> 10.44 Security Vulnerabilities

Products

Pricing

Contact Us