Description
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
Published: 2026-04-16
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

MailGates and MailAudit, developed by Openfind, contain a stack-based buffer overflow that permits unauthenticated remote attackers to hijack program execution and run arbitrary code. The flaw results in a compromise of confidentiality, integrity, and availability for any system hosting the vulnerable component, as attacker‑controlled code can be executed with the privileges of the running process.

Affected Systems

The vulnerability affects Openfind's MailAudit and MailGates products. For installations on version 6.0, a patch is available in version 6.1.10.054 or newer. For installations on version 5.0, the fix resides in version 5.2.10.099 or newer.

Risk and Exploitability

With a CVSS score of 9.3, the flaw is classified as critical. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation campaigns. Nevertheless, the unauthenticated remote attack surface means that an attacker can exploit the issue without prior credentials, making timely remediation imperative.

Generated by OpenCVE AI on April 16, 2026 at 09:00 UTC.

Remediation

Vendor Solution

MailGates/MailAudit 6.0: Update to version 6.1.10.054 or later
MailGates/MailAudit 5.0: Update to version 5.2.10.099 or later


OpenCVE Recommended Actions

  • Upgrade MailGates and MailAudit to version 6.1.10.054 or later for the 6.0 line, and to version 5.2.10.099 or later for the 5.0 line.
  • If an immediate upgrade is not possible, apply network segmentation or firewall rules to block external access to the affected services until a patch can be deployed.
  • Continuously monitor logs and network traffic for signs of exploitation attempts, such as abnormal stack usage or execution of injected code.



Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 05:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Openfind; Openfind mailaudit; Openfind mailgates

Type: Vendors & Products
Values Removed: (none)
Values Added: Openfind; Openfind mailaudit; Openfind mailgates

Thu, 16 Apr 2026 02:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.

Type: Title
Values Removed: (none)
Values Added: Openfind|MailGates/MailAudit - Stack-based Buffer Overflow

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-121

Type: References

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-04-16T13:16:52.215Z

Reserved: 2026-04-15T11:32:31.020Z

Link: CVE-2026-6350

Vulnrichment

Updated: 2026-04-16T13:16:45.661Z

NVD

Status: Deferred

Published: 2026-04-16T03:16:30.847

Modified: 2026-05-19T15:52:30.143

Link: CVE-2026-6350

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:15:30Z

Weaknesses