CVE-2026-21859 | axllent mailpit up to 1.28.0 HTTP GET Request /proxy server-side request forgery (GHSA-8v65-47jx-7mfr)

A vulnerability was found in axllent mailpit up to 1.28.0 and classified as critical. Affected by this issue is some unknown functionality of the file /proxy of the component HTTP GET Request Handler. Such manipulation leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2026-21859. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More