Description
C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.
Published: 2026-02-09
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Data Exposure and Modification
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a missing authentication flaw that permits any unauthenticated remote attacker to read and modify the mail content of any user. This weakness can lead to complete compromise of confidentiality and integrity of user data.

Affected Systems

The affected product is HGiga's C&Cm@il mail application, delivered as the olln-base package. Systems running versions of olln-base earlier than 7.0-978 are vulnerable; upgrading to version 7.0-978 or later is required for remediation.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity, while the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, but its attack vector is remote and requires no authentication, which makes it attractive to attackers. The potential impact spans enterprise-wide exposure of sensitive email contents and unauthorized modification of communications.

Generated by OpenCVE AI on April 17, 2026 at 21:33 UTC.

Remediation

Vendor Solution

Update package olln-base to version 7.0-978 or later.


OpenCVE Recommended Actions

  • Update the olln-base package to version 7.0-978 or later. This is the official vendor-provided fix that eliminates the missing authentication issue.
  • If an immediate upgrade is not feasible, restrict external access to the mail service by enabling network segmentation or applying firewall rules that block unauthenticated remote connections to mail endpoints.



Advisories

No advisories yet.

History

Tue, 10 Feb 2026 12:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hgiga; Hgiga c&cm@il Package Olln-base
Vendors & Products | | Hgiga; Hgiga c&cm@il Package Olln-base

Tue, 10 Feb 2026 12:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content.
Title | | HGiga|C&Cm@il - Missing Authentication
Weaknesses | | CWE-306
References | |
Metrics | | cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
Metrics | | cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-02-09T15:40:21.454Z

Reserved: 2026-02-09T06:08:58.321Z

Link: CVE-2026-2234

Vulnrichment

Updated: 2026-02-09T15:40:17.299Z

NVD

Status: Deferred

Published: 2026-02-09T08:16:12.287

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2234

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:45:28Z
