CVE-2026-6351
CRLF Injection in Openfind MailGates Allows Remote File Access
Publication date: 2026-04-16
Last updated on: 2026-04-16
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openfind | mailgates_mailaudit | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-93 | The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a CRLF Injection issue in MailGates/MailAudit developed by Openfind. It allows unauthenticated remote attackers to exploit the system by injecting carriage return and line feed characters, which can be used to manipulate the system and read system files without authorization.
How can this vulnerability impact me? :
The vulnerability can have a significant impact as it allows attackers to read sensitive system files remotely without any authentication. This can lead to unauthorized disclosure of confidential information and potentially further exploitation of the affected system.