CVE-2026-2234
Awaiting Analysis Awaiting Analysis - Queue

Missing Authentication in HGiga C&Cm@il Allows Mail Access

Vulnerability report for CVE-2026-2234, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-09

Last updated on: 2026-02-09

Assigner: TWCERT/CC

Description

C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-09
Last Modified
2026-02-09
Generated
2026-07-06
AI Q&A
2026-02-09
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
hgiga c&cm@il to 7.0-978 (exc)
hgiga olln-base to 7.0-978 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2234 is a critical security vulnerability in the C&Cm@il software suite developed by HGiga, specifically affecting versions of the olln-base component prior to 7.0-978.'}, {'type': 'paragraph', 'content': "The vulnerability is caused by missing authentication controls, which allows unauthenticated remote attackers to read and modify any user's email content without needing any privileges or user interaction."}, {'type': 'paragraph', 'content': 'This means that an attacker can remotely access sensitive email data, compromising both confidentiality and integrity of the emails.'}] [1, 2]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability allows an attacker to remotely access and alter any user's email content without authentication."}, {'type': 'list_item', 'content': 'Loss of confidentiality: sensitive email information can be read by unauthorized parties.'}, {'type': 'list_item', 'content': 'Loss of integrity: email contents can be modified by attackers, potentially leading to misinformation or malicious instructions.'}, {'type': 'paragraph', 'content': 'However, the vulnerability does not impact the availability of the email service.'}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate step to mitigate the CVE-2026-2234 vulnerability is to update the olln-base component of the C&Cm@il package to version 7.0-978 or later.'}, {'type': 'paragraph', 'content': "This update addresses the missing authentication vulnerability that allows unauthenticated remote attackers to read and modify any user's mail content."}] [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2234. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart