CVE-2026-21859 Overview
CVE-2026-21859 is a Server-Side Request Forgery (SSRF) vulnerability affecting Mailpit, an email testing tool and API for developers. Versions 1.28.0 and below contain a security flaw in the /proxy endpoint that allows attackers to make requests to internal network resources. While the endpoint validates http:// and https:// schemes, it fails to block internal IP addresses, enabling attackers to access internal services and APIs that should be restricted from external access.
Critical Impact
Attackers can leverage the unprotected proxy endpoint to scan internal networks, access sensitive internal services, and potentially exfiltrate confidential data from systems that would otherwise be unreachable from external networks.
Affected Products
- Mailpit versions 1.28.0 and earlier
- Mailpit /proxy endpoint implementations
- Development and staging environments running vulnerable Mailpit instances
Discovery Timeline
- 2026-01-08 - CVE-2026-21859 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2026-21859
Vulnerability Analysis
This SSRF vulnerability (CWE-918) exists in Mailpit's /proxy endpoint, which is designed to fetch external resources for email rendering functionality. The core issue is insufficient validation of destination URLs—while the endpoint correctly validates that URLs use HTTP or HTTPS schemes, it does not implement IP address filtering to prevent requests to internal network addresses such as 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
The vulnerability is constrained to HTTP GET requests with minimal headers, which limits the attack surface compared to full-featured SSRF vulnerabilities. However, this is still sufficient for attackers to enumerate internal services, access metadata endpoints in cloud environments, and potentially retrieve sensitive configuration data.
Root Cause
The root cause is missing input validation for internal IP addresses in the /proxy endpoint's URL handling logic. The endpoint implements scheme validation to ensure only HTTP and HTTPS protocols are used, but lacks the corresponding validation to block requests to private IP address ranges and localhost. This oversight allows external users to leverage the Mailpit server as a proxy to reach internal network resources.
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker can craft malicious requests to the /proxy endpoint with URLs targeting internal services. Common attack scenarios include:
- Accessing cloud metadata endpoints (e.g., http://169.254.169.254/latest/meta-data/)
- Scanning internal networks for open ports and services
- Retrieving configuration from internal APIs
- Bypassing firewall rules that restrict direct external access
The fix in version 1.28.1 restricts the screenshot proxy to only support asset links contained within the email message itself, preventing arbitrary URL proxying.
methods: {
initScreenshot() {
this.loading = 1;
+ const baseUrl = `${location.protocol}//${location.host}/`;
+ // absolute proxy URL
+ const proxy = new URL(this.resolve("/proxy"), baseUrl).href;
+ const urlRegex = /(url\(('|")?(https?:\/\/[^)'"]+)('|")?\))/gim;
+
// remove base tag, if set
let h = this.message.HTML.replace(/<base .*>/im, "");
- const proxy = this.resolve("/proxy");
// Outlook hacks - else screenshot returns blank image
h = h.replace(/<html [^>]+>/gim, "<html>"); // remove html attributes
h = h.replace(/<o:p><\/o:p>/gm, ""); // remove empty `<o:p></o:p>` tags
h = h.replace(/<o:/gm, "<"); // replace `<o:p>` tags with `<p>`
h = h.replace(/<\/o:/gm, "</"); // replace `</o:p>` tags with `</p>`
- // update any inline `url(...)` absolute links
- const urlRegex = /(url\(('|")?(https?:\/\/[^)'"]+)('|")?\))/gim;
- h = h.replaceAll(urlRegex, (match, p1, p2, p3) => {
- if (typeof p2 === "string") {
- return `url(${p2}${proxy}?url=` + encodeURIComponent(this.decodeEntities(p3)) + `${p2})`;
- }
- return `url(${proxy}?url=` + encodeURIComponent(this.decodeEntities(p3)) + `)`;
- });
-
// create temporary document to manipulate
const doc = document.implementation.createHTMLDocument();
doc.open();
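Review bot: `urlRegex` is declared at the top of initScreenshot() (`+ const urlRegex = /(url\(('|")?(https?:\/\/[^)'"]+)('|")?\))/gim;`) while its only use visible in this hunk, the `h.replaceAll(urlRegex, ...)` block that rewrote every absolute `url(...)` into `${proxy}?url=` + encodeURIComponent(...), is removed by the same hunk; if the replacement logic that limits proxying to links contained in the message lives below this excerpt, a one-line comment beside the constant saying so would make that clear, otherwise the declaration is dead code. The `baseUrl` / `new URL(this.resolve("/proxy"), baseUrl).href` change also turns `proxy` into an absolute URL where the removed line used the relative `this.resolve("/proxy")`; the `// absolute proxy URL` comment states what is done but not why it is needed for the screenshot document, which a reader of this hunk cannot tell.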
Source: GitHub Commit Details
Detection Methods for CVE-2026-21859
Indicators of Compromise
- Unusual outbound requests from Mailpit server to internal IP ranges (10.x.x.x, 172.16.x.x, 192.168.x.x, 127.0.0.1)
- High volume of requests to the /proxy endpoint from external sources
- Requests to cloud metadata endpoints (e.g., 169.254.169.254) originating from Mailpit servers
- Access logs showing proxy requests to non-standard ports on internal hosts
Detection Strategies
- Monitor web server access logs for /proxy endpoint requests containing internal IP addresses or localhost
- Implement network-level monitoring to detect egress traffic from Mailpit servers to internal network segments
- Configure alerting for requests targeting cloud metadata endpoints from application servers
- Review firewall logs for unexpected outbound connections originating from Mailpit instances
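The Go program below is an added example, not Mailpit's code, written to make two parts of this page concrete at once: the root cause described under Vulnerability Analysis and Root Cause (a scheme-only URL check with no destination-address filtering, shown beside a hardened check that also rejects loopback, RFC 1918, link-local including 169.254.169.254, unspecified and IPv4-mapped destinations), and the first Detection Strategies item (reviewing access logs for /proxy requests whose url= parameter points at internal addresses). The combined-format log lines, the stub DNS table, the hostnames and the port 8025 are constructed for the example; real code would pass net.DefaultResolver.LookupNetIP as the resolver and pin the vetted address when dialing.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"regexp"
)

// Resolver maps a hostname to addresses; injected so the check runs offline here (real code: net.DefaultResolver.LookupNetIP).
type Resolver func(host string) ([]netip.Addr, error)

// isInternalAddr: loopback, RFC 1918, link-local (169.254.169.254 included), unspecified and
// multicast. Unmap() first so an IPv4-mapped ::ffff:10.0.0.1 is judged as 10.0.0.1.
func isInternalAddr(a netip.Addr) bool {
	a = a.Unmap()
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsUnspecified() || a.IsMulticast()
}

// schemeOnlyCheck models the vulnerable logic: only the scheme is validated, so
// http://127.0.0.1/ and http://169.254.169.254/ are both accepted (err == nil).
func schemeOnlyCheck(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err == nil && u.Scheme != "http" && u.Scheme != "https" {
		err = fmt.Errorf("scheme %q is not http/https", u.Scheme)
	}
	return u, err
}

// hardenedCheck adds the missing step: every address the host is or resolves to must be
// outside the internal ranges (a complete fix also pins the vetted address when dialing).
func hardenedCheck(raw string, resolve Resolver) error {
	u, err := schemeOnlyCheck(raw)
	if err != nil {
		return err
	}
	host := u.Hostname() // brackets stripped from IPv6 literals; "localhost" resolves to loopback and is caught below
	var addrs []netip.Addr
	if ip, perr := netip.ParseAddr(host); perr == nil {
		addrs = []netip.Addr{ip} // literal IP: no lookup needed
	} else if addrs, err = resolve(host); err != nil || len(addrs) == 0 {
		return fmt.Errorf("host %q does not resolve", host)
	}
	for _, a := range addrs {
		if isInternalAddr(a) {
			return fmt.Errorf("destination %s is in an internal range", a)
		}
	}
	return nil
}

var proxyReq = regexp.MustCompile(`"GET /proxy\?([^ "]+) HTTP/`) // query string of a /proxy request in an access log line

type Finding struct { // one access-log line whose proxied destination fails hardenedCheck
	Line           int
	Target, Reason string
}

// scanAccessLog re-runs hardenedCheck over the url= parameter of each /proxy request; on a 1.28.0 instance every hit was served.
func scanAccessLog(lines []string, resolve Resolver) []Finding {
	var out []Finding
	for i, line := range lines {
		m := proxyReq.FindStringSubmatch(line)
		if m == nil {
			continue // not a /proxy request
		}
		q, _ := url.ParseQuery(m[1]) // partially decoded values are fine for a detector
		if target := q.Get("url"); target != "" {
			if err := hardenedCheck(target, resolve); err != nil {
				out = append(out, Finding{i + 1, target, err.Error()})
			}
		}
	}
	return out
}

// Constructed sample log lines (not real traffic); 8025 is Mailpit's default UI port.
var sampleLog = []string{
	`203.0.113.7 - - [08/Jan/2026:10:15:01 +0000] "GET /proxy?url=https%3A%2F%2Fcdn.example.com%2Flogo.png HTTP/1.1" 200 4096`,
	`203.0.113.7 - - [08/Jan/2026:10:15:02 +0000] "GET /proxy?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512`,
	`203.0.113.7 - - [08/Jan/2026:10:15:03 +0000] "GET /proxy?url=http%3A%2F%2F127.0.0.1%3A8025%2Fapi%2Fv1%2Fmessages HTTP/1.1" 200 2048`,
	`203.0.113.7 - - [08/Jan/2026:10:15:05 +0000] "GET /proxy?url=http%3A%2F%2Fintranet.corp.example%2F HTTP/1.1" 200 900`,
}

// stubResolver stands in for DNS with a fixed, constructed table.
func stubResolver(host string) ([]netip.Addr, error) {
	table := map[string]string{"cdn.example.com": "203.0.113.50", "intranet.corp.example": "10.20.30.40"}
	if ip, ok := table[host]; ok {
		return []netip.Addr{netip.MustParseAddr(ip)}, nil
	}
	return nil, fmt.Errorf("stub resolver: no such host %q", host)
}

func main() {
	for _, f := range scanAccessLog(sampleLog, stubResolver) {
		fmt.Printf("log line %d: %s (%s)\n", f.Line, f.Target, f.Reason)
	}
}
```

Running it reports three findings: the metadata-endpoint request, the loopback request to Mailpit's own API, and the hostname that resolves into 10.0.0.0/8 (lines 2, 3 and 4 of the sample). The first sample line, a public CDN asset, passes both checks. The hostname case is why the hardened check resolves instead of pattern-matching the URL string: the log review strategy above has the same blind spot if it only greps for literal private addresses.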
Monitoring Recommendations
- Enable verbose logging on Mailpit instances to capture all proxy requests with full URL details
- Deploy network segmentation monitoring to detect cross-segment traffic from development tool servers
- Implement web application firewall rules to inspect and block suspicious proxy requests
- Set up automated scanning to identify Mailpit instances running versions below 1.28.1
How to Mitigate CVE-2026-21859
Immediate Actions Required
- Upgrade Mailpit to version 1.28.1 or later immediately
- Restrict network access to Mailpit instances to only authorized users and networks
- Review access logs for evidence of exploitation attempts against the /proxy endpoint
- Implement network-level controls to prevent Mailpit servers from accessing internal services
Patch Information
The vulnerability is fixed in Mailpit version 1.28.1. The patch restricts the screenshot proxy functionality to only support asset links that are contained within email messages, preventing arbitrary URL proxying. The fix can be reviewed in the GitHub Commit Details. Additional details are available in the GitHub Security Advisory GHSA-8v65-47jx-7mfr.
Workarounds
- Place Mailpit behind a reverse proxy that filters requests to the /proxy endpoint
- Implement firewall rules to prevent outbound connections from Mailpit to internal network ranges
- Restrict access to Mailpit instances using authentication and IP allowlisting
- Deploy network segmentation to isolate development tools from production infrastructure
# Example: iptables rules to block Mailpit from accessing internal networks
# Run on the Mailpit host itself; replace <mailpit-server-ip> with that host's address.
# Add ACCEPT rules ahead of these for anything Mailpit legitimately needs in these
# ranges (for example a LAN SMTP relay), and persist the rules so they survive a reboot.
iptables -A OUTPUT -s <mailpit-server-ip> -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -s <mailpit-server-ip> -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -s <mailpit-server-ip> -d 192.168.0.0/16 -j DROP
# Connections to 127.0.0.0/8 normally carry a loopback source address, so the rule below
# rarely matches as written; matching on the process owner (-m owner --uid-owner
# <mailpit-user>) instead of -s covers loopback as well and needs no fixed IP.
iptables -A OUTPUT -s <mailpit-server-ip> -d 127.0.0.0/8 -j DROP
iptables -A OUTPUT -s <mailpit-server-ip> -d 169.254.169.254 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

