Every CVE whose affected-product data names Bulwarkmail Webmail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2026-34833 — CVSS 7.5 (high): Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint…
CVE-2026-34834 — CVSS 7.5 (high): Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained…
CVE-2026-35389 — CVSS 7.5 (high): Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate…
CVE-2026-35391 — CVSS 7.5 (high): Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP() function in…
CVE-2026-35390 — CVSS 5.4 (medium): Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy (proxy.ts) set the…