{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6350", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2026-04-15T11:32:31.020Z", "datePublished": "2026-04-16T02:30:17.942Z", "dateUpdated": "2026-04-16T13:16:52.215Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-04-16T02:40:08.540Z"}, "title": "Openfind\uff5cMailGates/MailAudit - Stack-based Buffer Overflow", "datePublic": "2026-04-16T02:26:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "Openfind", "product": "MailGates", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.1.10.054", "versionType": "custom"}, {"status": "affected", "version": "5.0", "lessThan": "5.2.10.099", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Openfind", "product": "MailAudit", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.1.10.054", "versionType": "custom"}, {"status": "affected", "version": "5.0", "lessThan": "5.2.10.099", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code."}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "MailGates/MailAudit 6.0\uff1a Update to version 6.1.10.054 or later\n\nMailGates/MailAudit 5.0\uff1a Update to version 5.2.10.099 or later", "supportingMedia": [{"type": "text/html", "base64": false, "value": "MailGates/MailAudit 6.0\uff1a Update to version 6.1.10.054 or later\n<br>MailGates/MailAudit 5.0\uff1a Update to version 5.2.10.099 or later"}]}], "source": {"advisory": "TVN-202604003", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T13:16:42.371068Z", "id": "CVE-2026-6350", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:16:52.215Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6350", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T13:16:42.371068Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:16:45.661Z"}}], "cna": {"title": "Openfind\uff5cMailGates/MailAudit - Stack-based Buffer Overflow", "source": {"advisory": "TVN-202604003", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Openfind", "product": "MailGates", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.1.10.054", "versionType": "custom"}, {"status": "affected", "version": "5.0", "lessThan": "5.2.10.099", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Openfind", "product": "MailAudit", "versions": [{"status": "affected", "version": "6.0", "lessThan": "6.1.10.054", "versionType": "custom"}, {"status": "affected", "version": "5.0", "lessThan": "5.2.10.099", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "MailGates/MailAudit 6.0\uff1a Update to version 6.1.10.054 or later\n\nMailGates/MailAudit 5.0\uff1a Update to version 5.2.10.099 or later", "supportingMedia": [{"type": "text/html", "value": "MailGates/MailAudit 6.0\uff1a Update to version 6.1.10.054 or later\n<br>MailGates/MailAudit 5.0\uff1a Update to version 5.2.10.099 or later", "base64": false}]}], "datePublic": "2026-04-16T02:26:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.", "supportingMedia": [{"type": "text/html", "value": "MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-04-16T02:40:08.540Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6350", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:16:52.215Z", "dateReserved": "2026-04-15T11:32:31.020Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2026-04-16T02:30:17.942Z", "assignerShortName": "twcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code."}], "id": "CVE-2026-6350", "lastModified": "2026-04-16T03:16:30.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2026-04-16T03:16:30.847", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.0,6.1.10.054)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[5.0,5.2.10.099)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MailAudit", "source": "cna", "vendor": "Openfind"}, "product": "mailaudit", "vendor": "openfind"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.0,6.1.10.054)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[5.0,5.2.10.099)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MailGates", "source": "cna", "vendor": "Openfind"}, "product": "mailgates", "vendor": "openfind"}], "analysis": {"en": {"generated_at": "2026-04-16T09:00:37.038602+00:00", "value": {"mitigation_remediation": ["Upgrade MailGates and MailAudit to version 6.1.10.054 or later for the 6.0 line, and to version 5.2.10.099 or later for the 5.0 line.", "If an immediate upgrade is not possible, apply network segmentation or firewall rules to block external access to the affected services until a patch can be deployed.", "Continuously monitor logs and network traffic for signs of exploitation attempts, such as abnormal stack usage or execution of injected code."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Openfind's MailAudit and MailGates products. For installations on version 6.0, a patch is available in version 6.1.10.054 or newer. For installations on version 5.0, the fix resides in version 5.2.10.099 or newer.", "description_and_impact": "MailGates and MailAudit, developed by Openfind, contain a stack-based buffer overflow that permits unauthenticated remote attackers to hijack program execution and run arbitrary code. The flaw results in a compromise of confidentiality, integrity, and availability for any system hosting the vulnerable component, as attacker\u2011controlled code can be executed with the privileges of the running process.", "risk_and_exploitability": "With a CVSS score of 9.3 the flaw is classified as critical. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation campaigns. Nevertheless, the unauthenticated remote attack surface means that an attacker can exploit the issue without prior credentials, making timely remediation imperative."}}}}, "created": "2026-04-16T04:45:15.907782+00:00", "updated": "2026-04-16T09:15:30.973129+00:00", "vendors": ["openfind", "openfind$PRODUCT$mailaudit", "openfind$PRODUCT$mailgates"]}