Mailcow Dockerized Vulnerabilities

Server-Side Template Injection Vulnerability in Mailcow by Mailcow

CVE-2025-53909

MailcowMailcow-dockerized9.1CRITICAL

Security Flaw in Mailcow's Password Reset Feature Affects Users

CVE-2025-25198

MailcowMailcow-dockerized7.1HIGH

JavaScript Payload Injection Vulnerability in Dockerized Groupware/Email Suite

CVE-2024-41960

MailcowMailcow-dockerized4.8MEDIUM

Unauthorized JavaScript injection in API logs could lead to malicious actions and data theft

CVE-2024-41959

MailcowMailcow-dockerized6.1MEDIUM

Bypass of 2FA Protection in Mailcow's Dockerized Groupware/Email Suite

CVE-2024-41958

MailcowMailcow-dockerized👾🟡EPSS 14%7.2HIGH

Mailcow Vulnerability Affects Prior Versions, Patch Released

CVE-2024-30270

MailcowMailcow-dockerized👾🟡EPSS 42%📰6.2MEDIUM

Mailcow Vulnerability Affects Prior Versions, Pose Significant Security Risk

CVE-2024-31204

MailcowMailcow-dockerized📰6.1MEDIUM

Mailcow Docker Container Exposure to Local Network

CVE-2024-24760

MailcowMailcow-dockerized👾🟡8.8HIGH

mailcow ipixel flood attack leads to Denial of Service in admin page

CVE-2024-23824

MailcowMailcow-dockerized4.7MEDIUM

mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation

CVE-2023-49077

mailcowmailcow-dockerized6.1MEDIUM

Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords

CVE-2023-34108

mailcowmailcow-dockerized8.8HIGH

mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync

CVE-2023-26490

MailcowMailcow-dockerized7.3HIGH

mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI

CVE-2022-39258

MailcowMailcow-dockerized8.1HIGH

OS Command Injection in mailcow

CVE-2022-31138

MailcowMailcow-dockerized👾🟡8.8HIGH

mailcow Mailcow Dockerized Vulnerabilities

Vulnerability Published:

Sort By:

17 July 2025

Server-Side Template Injection Vulnerability in Mailcow by Mailcow

12 February 2025

Security Flaw in Mailcow's Password Reset Feature Affects Users

5 August 2024

JavaScript Payload Injection Vulnerability in Dockerized Groupware/Email Suite

Unauthorized JavaScript injection in API logs could lead to malicious actions and data theft

Bypass of 2FA Protection in Mailcow's Dockerized Groupware/Email Suite

4 April 2024

Mailcow Vulnerability Affects Prior Versions, Patch Released

Mailcow Vulnerability Affects Prior Versions, Pose Significant Security Risk

2 February 2024

Mailcow Docker Container Exposure to Local Network

mailcow ipixel flood attack leads to Denial of Service in admin page

30 November 2023

mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation

7 June 2023

Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords

4 March 2023

mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync

27 September 2022

mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI

11 July 2022

OS Command Injection in mailcow

Vulnerability Published:

Sort By:

17 July 2025

Server-Side Template Injection Vulnerability in Mailcow by Mailcow

12 February 2025

Security Flaw in Mailcow's Password Reset Feature Affects Users

5 August 2024

JavaScript Payload Injection Vulnerability in Dockerized Groupware/Email Suite

Unauthorized JavaScript injection in API logs could lead to malicious actions and data theft

Bypass of 2FA Protection in Mailcow's Dockerized Groupware/Email Suite

4 April 2024

Mailcow Vulnerability Affects Prior Versions, Patch Released

Mailcow Vulnerability Affects Prior Versions, Pose Significant Security Risk

2 February 2024

Mailcow Docker Container Exposure to Local Network

mailcow ipixel flood attack leads to Denial of Service in admin page

30 November 2023

mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation

7 June 2023

Manipulation of Internal Dovecot Variables in mailcow via crafted Passwords

4 March 2023

mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync​

27 September 2022

mailcow-dockerized critical information misrepresentation can lead to phishing attacks through Swagger UI

11 July 2022

OS Command Injection in mailcow

mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync