
CVE-2026-21859: Mailpit Email Testing Tool SSRF Vulnerability

CVE-2026-21859 is a Server-Side Request Forgery flaw in the Mailpit email testing tool that lets an unauthenticated attacker reach internal network resources through the /proxy endpoint. This post covers technical details, affected versions, and mitigation.


CVE-2026-21859 Overview

CVE-2026-21859 is a Server-Side Request Forgery (SSRF) vulnerability affecting Mailpit, an email testing tool and API for developers. Versions 1.28.0 and below contain a flaw in the /proxy endpoint, used by the message screenshot feature, that allows attackers to make requests to internal network resources. The endpoint validates that the target uses the http:// or https:// scheme but does not check where the target resolves, so it will happily fetch from loopback, private and link-local addresses, giving external callers access to internal services and APIs that should be unreachable from outside.

Critical Impact

Attackers can leverage the unprotected proxy endpoint to scan internal networks, access sensitive internal services, and potentially exfiltrate confidential data from systems that would otherwise be unreachable from external networks.

Affected Products

  • Mailpit versions 1.28.0 and earlier
  • The /proxy endpoint used by Mailpit's message screenshot feature, wherever it is reachable by untrusted clients
  • Development and staging environments running vulnerable Mailpit instances, particularly where the host can reach internal services or a cloud metadata endpoint

Discovery Timeline

  • 2026-01-08 - CVE CVE-2026-21859 published to NVD
  • 2026-01-08 - Last updated in NVD database

Technical Details for CVE-2026-21859

Vulnerability Analysis

This SSRF vulnerability (CWE-918) exists in Mailpit's /proxy endpoint, which fetches external resources so that the message screenshot feature can render an email's assets. The core issue is insufficient validation of destination URLs: the endpoint correctly checks that the URL uses the HTTP or HTTPS scheme, but it does not resolve the host and reject destinations in non-public ranges such as 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, the link-local range 169.254.0.0/16 that hosts cloud metadata services, or their IPv6 equivalents (::1, fc00::/7, fe80::/10).

The vulnerability is constrained to HTTP GET requests with minimal headers, which limits the attack surface compared to full-featured SSRF flaws that allow arbitrary methods, bodies or headers. Because the proxied response body is returned to the caller, however, this is a full-read SSRF: it is sufficient for an attacker to enumerate internal services, read cloud metadata endpoints, and retrieve configuration or other data from unauthenticated internal HTTP APIs.

Root Cause

The root cause is missing input validation for internal IP addresses in the /proxy endpoint's URL handling logic. The endpoint implements scheme validation to ensure only HTTP and HTTPS protocols are used, but lacks the corresponding validation to block requests to private IP address ranges and localhost. This oversight allows external users to leverage the Mailpit server as a proxy to reach internal network resources.
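To make the root cause concrete, the following is an added example in Go (Mailpit's implementation language); it is not Mailpit's code and does not reproduce the project's handler. It places a scheme-only check of the kind the advisory describes beside a hardened check that resolves the destination and refuses loopback, private, link-local and unspecified addresses, and adds an http.Client whose dialer re-applies the same policy at connect time, which closes the DNS-rebinding and redirect gaps that a pre-request check alone leaves open. The function names, the injected resolver and the stub address for cdn.example.org are assumptions made for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

// Resolver is injected so the check can run offline; production code passes
// net.DefaultResolver.LookupIPAddr.
type Resolver func(ctx context.Context, host string) ([]net.IPAddr, error)

// isForbidden reports whether the proxy must never connect to ip. The net.IP
// predicates treat IPv4-mapped IPv6 addresses (::ffff:10.0.0.1) as IPv4, so the
// mapped form cannot be used to slip a private address past the check.
// Deployments that also regard 100.64.0.0/10 (CGNAT) as internal should add it.
func isForbidden(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified()
}

// parseHTTPURL is the scheme-only validation the advisory attributes to
// Mailpit <= 1.28.0: any http(s) URL passes, whatever the destination.
func parseHTTPURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.Hostname() == "" {
		return nil, errors.New("missing host")
	}
	return u, nil
}

// vulnerableCheck stops at scheme validation (the pre-fix behaviour).
func vulnerableCheck(raw string) error {
	_, err := parseHTTPURL(raw)
	return err
}

// hardenedCheck also resolves the host and rejects any address in a non-public
// range. It fails closed: a host that does not resolve is rejected. Decimal
// (2130706433), hex (0x7f000001) and octal spellings are not IP literals for
// net.ParseIP, so they go to the resolver and fail there instead of bypassing.
func hardenedCheck(ctx context.Context, raw string, resolve Resolver) error {
	u, err := parseHTTPURL(raw)
	if err != nil {
		return err
	}
	host := u.Hostname()
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip}
	} else {
		addrs, err := resolve(ctx, host)
		if err != nil || len(addrs) == 0 {
			return fmt.Errorf("cannot resolve %q: %v", host, err)
		}
		for _, a := range addrs {
			ips = append(ips, a.IP)
		}
	}
	for _, ip := range ips {
		if isForbidden(ip) {
			return fmt.Errorf("destination %s is not publicly routable", ip)
		}
	}
	return nil
}

// newProxyClient enforces the same policy at connect time. Dialer.Control runs
// after DNS resolution with the concrete address, so a name that resolved
// publicly during hardenedCheck but internally at connect time (DNS rebinding),
// or a redirect from a public host to an internal one, is still refused.
func newProxyClient() *http.Client {
	d := &net.Dialer{
		Timeout: 5 * time.Second,
		Control: func(network, address string, _ syscall.RawConn) error {
			host, _, err := net.SplitHostPort(address)
			if err != nil {
				return err
			}
			if ip := net.ParseIP(host); ip == nil || isForbidden(ip) {
				return fmt.Errorf("refusing to connect to %s", address)
			}
			return nil
		},
	}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() {
	// Stub resolver (an assumption for the demo): one public documentation address.
	stub := func(_ context.Context, host string) ([]net.IPAddr, error) {
		if host == "cdn.example.org" {
			return []net.IPAddr{{IP: net.ParseIP("203.0.113.10")}}, nil
		}
		return nil, errors.New("no such host")
	}
	for _, raw := range []string{"https://cdn.example.org/logo.png", "http://169.254.169.254/latest/meta-data/",
		"http://127.0.0.1:8025/api/v1/messages", "http://[::1]/", "http://2130706433/"} {
		fmt.Printf("%-42s scheme-only=%v hardened=%v\n", raw,
			vulnerableCheck(raw) == nil, hardenedCheck(context.Background(), raw, stub) == nil)
	}
	_ = newProxyClient()
}
```

A denylist of this kind is the minimum; the actual 1.28.1 fix went further and only proxies asset links that appear in the stored message, which is the stronger allowlist design and the one to prefer wherever the set of legitimate destinations is known in advance.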

Attack Vector

The attack is network-based and requires no authentication or user interaction. An attacker can craft malicious requests to the /proxy endpoint with URLs targeting internal services. Common attack scenarios include:

  1. Accessing cloud metadata endpoints (e.g., http://169.254.169.254/latest/meta-data/)
  2. Scanning internal networks for open ports and services
  3. Retrieving configuration from internal APIs
  4. Bypassing firewall rules that restrict direct external access

The fix in version 1.28.1 restricts the screenshot proxy to asset links contained within the email message itself, so arbitrary URLs can no longer be proxied. The browser-side part of that change is shown below.

text
 	methods: {
 		initScreenshot() {
 			this.loading = 1;
+			const baseUrl = `${location.protocol}//${location.host}/`;
+			// absolute proxy URL
+			const proxy = new URL(this.resolve("/proxy"), baseUrl).href;
+			const urlRegex = /(url\(('|")?(https?:\/\/[^)'"]+)('|")?\))/gim;
+
 			// remove base tag, if set
 			let h = this.message.HTML.replace(/<base .*>/im, "");
-			const proxy = this.resolve("/proxy");
 
 			// Outlook hacks - else screenshot returns blank image
 			h = h.replace(/<html [^>]+>/gim, "<html>"); // remove html attributes
 			h = h.replace(/<o:p><\/o:p>/gm, ""); // remove empty `<o:p></o:p>` tags
 			h = h.replace(/<o:/gm, "<"); // replace `<o:p>` tags with `<p>`
 			h = h.replace(/<\/o:/gm, "</"); // replace `</o:p>` tags with `</p>`
 
-			// update any inline `url(...)` absolute links
-			const urlRegex = /(url\(('|")?(https?:\/\/[^)'"]+)('|")?\))/gim;
-			h = h.replaceAll(urlRegex, (match, p1, p2, p3) => {
-				if (typeof p2 === "string") {
-					return `url(${p2}${proxy}?url=` + encodeURIComponent(this.decodeEntities(p3)) + `${p2})`;
-				}
-				return `url(${proxy}?url=` + encodeURIComponent(this.decodeEntities(p3)) + `)`;
-			});
-
 			// create temporary document to manipulate
 			const doc = document.implementation.createHTMLDocument();
 			doc.open();
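Review bot: these lines are browser-side JavaScript (the `initScreenshot` method), and a client-side change cannot on its own stop a caller from requesting `/proxy?url=` directly, so the restriction to asset links contained in the message has to be enforced in the server handler as well; that part is not in this hunk and should be confirmed in the commit before treating the client change as the fix. Also, `urlRegex` is declared in the added lines but nothing in the remaining hunk uses it, since its only consumer, the `h.replaceAll(urlRegex, ...)` rewrite of inline `url(...)` references, is deleted; either the new use sits beyond the cut or the constant is dead code. Minor, on unchanged context: `/<base .*>/im` is greedy and will consume everything up to the last `>` on that line when `<base>` shares a line with other tags; `/<base [^>]*>/i` would be safer.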

Source: GitHub Commit Details

Detection Methods for CVE-2026-21859

Indicators of Compromise

  • Unusual outbound connections from the Mailpit server to internal ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16)
  • High volume of requests to the /proxy endpoint from external sources
  • Requests to cloud metadata endpoints (e.g., 169.254.169.254) originating from Mailpit servers
  • Access logs showing proxy requests to non-standard ports on internal hosts

Detection Strategies

  • Monitor web server access logs for /proxy endpoint requests containing internal IP addresses or localhost
  • Implement network-level monitoring to detect egress traffic from Mailpit servers to internal network segments
  • Configure alerting for requests targeting cloud metadata endpoints from application servers
  • Review firewall logs for unexpected outbound connections originating from Mailpit instances
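As an added example (not from the original page or the Mailpit project), the following Go program applies the log-review strategy above to a few constructed access-log lines: it extracts the url= parameter of /proxy requests, decodes it (again, if the value arrived double-encoded, a common way to dodge a naive grep for "127.0.0.1"), and flags destinations that are non-public IP literals, internal hostnames, obfuscated numeric hosts or non-standard ports. The combined log format and the sample addresses are assumptions; Mailpit's own log output may differ, so run it against whatever fronts Mailpit (a reverse proxy's access log) or adapt the regular expression.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample in combined log format (not real Mailpit traffic; the
// format is an assumption about the reverse proxy in front of Mailpit).
const sampleLog = `203.0.113.7 - - [08/Jan/2026:10:12:01 +0000] "GET /proxy?url=https%3A%2F%2Fcdn.example.org%2Flogo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Jan/2026:10:12:09 +0000] "GET /proxy?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 311 "-" "curl/8.4.0"
198.51.100.23 - - [08/Jan/2026:10:13:44 +0000] "GET /proxy?url=http%3A%2F%2F10.0.0.5%3A9200%2F_cat%2Findices HTTP/1.1" 502 0 "-" "python-requests/2.31"
198.51.100.23 - - [08/Jan/2026:10:13:45 +0000] "GET /proxy?url=http%3A%2F%2Flocalhost%3A8025%2Fapi%2Fv1%2Fmessages HTTP/1.1" 200 812 "-" "python-requests/2.31"
203.0.113.7 - - [08/Jan/2026:10:14:02 +0000] "GET /api/v1/messages HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [08/Jan/2026:10:14:30 +0000] "GET /proxy?url=http%253A%252F%252F127.0.0.1%253A2375%252Fcontainers%252Fjson HTTP/1.1" 200 97 "-" "curl/8.4.0"`

type Finding struct {
	Client string // requesting IP from the log line
	Target string // decoded destination URL passed to /proxy
	Reason string
}

var requestLine = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) HTTP/`)

// decodeTarget recovers the url= parameter of a /proxy request, decoding again
// while the value is still percent-encoded (up to three layers).
func decodeTarget(requestPath string) (*url.URL, bool) {
	req, err := url.ParseRequestURI(requestPath)
	if err != nil || req.Path != "/proxy" {
		return nil, false
	}
	target := req.Query().Get("url")
	for i := 0; i < 3; i++ {
		u, err := url.Parse(target)
		if err == nil && u.Scheme != "" && u.Hostname() != "" {
			return u, true
		}
		decoded, err := url.QueryUnescape(target)
		if err != nil || decoded == target {
			break
		}
		target = decoded
	}
	return nil, false
}

// suspicious classifies a destination. IP literals are checked against the
// non-public ranges; names are matched against common internal suffixes; numeric
// hosts that are not dotted-quad (2130706433, 0x7f000001) are flagged because
// their only purpose is to slip past string-based filters.
func suspicious(u *url.URL) (string, bool) {
	host := strings.ToLower(u.Hostname())
	if ip := net.ParseIP(host); ip != nil {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			return "non-public IP " + ip.String(), true
		}
		return "", false
	}
	if host == "localhost" || strings.HasSuffix(host, ".localhost") ||
		strings.HasSuffix(host, ".internal") || strings.HasSuffix(host, ".local") {
		return "internal hostname " + host, true
	}
	if _, err := strconv.ParseUint(host, 0, 64); err == nil {
		return "obfuscated numeric host " + host, true
	}
	if p := u.Port(); p != "" && p != "80" && p != "443" {
		return "non-standard port " + p, true // weaker signal: review rather than page on it
	}
	return "", false
}

// scanAccessLog returns one Finding per /proxy request whose decoded target
// looks like an internal destination.
func scanAccessLog(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		m := requestLine.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		u, ok := decodeTarget(m[2])
		if !ok {
			continue
		}
		if reason, bad := suspicious(u); bad {
			out = append(out, Finding{Client: m[1], Target: u.String(), Reason: reason})
		}
	}
	return out
}

func main() {
	for _, f := range scanAccessLog(sampleLog) {
		fmt.Printf("%-15s %-45s %s\n", f.Client, f.Target, f.Reason)
	}
}
```

On the constructed sample this reports four of the six lines: the metadata-endpoint fetch, the Elasticsearch port on 10.0.0.5, the localhost call back into Mailpit's own API, and the double-encoded request to the Docker socket port, while the legitimate CDN asset and the ordinary API call pass. Hostnames that resolve internally but look innocuous cannot be caught from the log alone; those need the egress-side monitoring listed above.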

Monitoring Recommendations

  • Enable verbose logging on Mailpit instances to capture all proxy requests with full URL details
  • Deploy network segmentation monitoring to detect cross-segment traffic from development tool servers
  • Implement web application firewall rules to inspect and block suspicious proxy requests
  • Set up automated scanning to identify Mailpit instances running versions below 1.28.1

How to Mitigate CVE-2026-21859

Immediate Actions Required

  • Upgrade Mailpit to version 1.28.1 or later immediately
  • Restrict network access to Mailpit instances to only authorized users and networks
  • Review access logs for evidence of exploitation attempts against the /proxy endpoint
  • Implement network-level controls to prevent Mailpit servers from accessing internal services

Patch Information

The vulnerability is fixed in Mailpit version 1.28.1. The patch restricts the screenshot proxy functionality to only support asset links that are contained within email messages, preventing arbitrary URL proxying. The fix can be reviewed in the GitHub Commit Details. Additional details are available in the GitHub Security Advisory GHSA-8v65-47jx-7mfr.

Workarounds

  • Place Mailpit behind a reverse proxy that filters requests to the /proxy endpoint
  • Implement firewall rules to prevent outbound connections from Mailpit to internal network ranges
  • Restrict access to Mailpit instances using authentication and IP allowlisting
  • Deploy network segmentation to isolate development tools from production infrastructure
bash
# Example: iptables rules, applied on the Mailpit host, that stop the Mailpit
# process from opening connections into internal ranges. Matching on the process
# owner (here the unprivileged user "mailpit") instead of a source address leaves
# the rest of the host untouched, and accepting established traffic first keeps
# Mailpit's own replies (UI, SMTP, including to localhost clients) working, so
# only new connections Mailpit initiates are filtered. REJECT fails fast instead
# of letting the proxy hang until its timeout.
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
for NET in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 169.254.0.0/16; do
  iptables -A OUTPUT -m owner --uid-owner mailpit -m conntrack --ctstate NEW -d "$NET" -j REJECT
done
# On a gateway rather than the Mailpit host, use the FORWARD chain with
# -s <mailpit-server-ip> instead of the owner match; repeat with ip6tables for
# ::1/128 and fc00::/7 if the host has IPv6.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
