CRLF Injection Vulnerability in MailGates/MailAudit by Openfind
CVE-2026-6351

8.7HIGH

Key Information:

Vendor: Openfind
Status: Mailgates; Mailaudit
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-6351?

MailGates/MailAudit developed by Openfind is susceptible to a CRLF Injection vulnerability, which can be exploited by unauthenticated remote attackers. This weakness allows attackers to read sensitive system files, potentially leading to severe security breaches. It's critical for users of the affected product to apply necessary updates and security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

MailAudit 6.0 < 6.1.10.054

MailAudit 5.0 < 5.2.10.099

MailGates 6.0 < 6.1.10.054

References

https://www.twcert.org.tw/tw/cp-132-10844-1405d-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10843-9ff91-2.html

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Apr 15, 2026

CVE-2026-6351 Data

JSON