Description
An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request.
Published: 2026-06-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the attachment handling component of Feuerhamster MailForm version 1.1.0, where a crafted request can trigger a denial of service by consuming system resources. The weakness is a classic uncontrolled resource consumption flaw, mapped to CWE‑400.

Affected Systems

Any deployment running Feuerhamster MailForm 1.1.0 is susceptible. No further vendor or version details are provided.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity risk, while the EPSS score of less than 1% suggests the likelihood of exploitation is currently low. The vulnerability is not listed in the CISA KEV catalog, implying no known large‑scale exploitation. Attackers can likely invoke the flaw by sending a specially crafted HTTP request to the mail form endpoint, potentially from any network location with access to the service.

Generated by OpenCVE AI on June 18, 2026 at 01:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Feuerhamster MailForm to a patched version that addresses the attachment handling flaw
  • Disable the attachment feature if it is not required for the organization’s use cases
  • Configure network perimeter controls or the application firewall to reject or rate‑limit requests that contain unusually large or malformed attachments
  • Continuously monitor the application logs for repeated failed attachment submissions and block offending IP addresses

Generated by OpenCVE AI on June 18, 2026 at 01:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Feuerhamster
Feuerhamster mailform
Vendors & Products Feuerhamster
Feuerhamster mailform

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Attachment in Feuerhamster MailForm

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Attachment in Feuerhamster MailForm

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description An issue in the attachment handling component of Feuerhamster MailForm v1.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted request.
References

Subscriptions

Feuerhamster Mailform
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T13:04:11.388Z

Reserved: 2026-06-07T00:00:00.000Z

Link: CVE-2026-50878

cve-icon Vulnrichment

Updated: 2026-06-16T13:03:27.839Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T20:16:30.723

Modified: 2026-06-16T15:35:16.600

Link: CVE-2026-50878

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T09:35:50Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption