Canarymail Canary Mail — known CVE vulnerabilities
Every CVE whose affected-product data names Canarymail Canary Mail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-65318 — CVSS 9.1 (critical): When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a…
CVE-2021-26911 — CVSS 7.4 (high): core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.