Mailcow Mailcow: Dockerized — known CVE vulnerabilities
Every CVE whose affected-product data names Mailcow Mailcow: Dockerized, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2025-53909 — CVSS 9.1 (critical): mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists…
CVE-2022-31138 — CVSS 8.8 (high): mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by…
CVE-2022-31245 — CVSS 8.8 (high): mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug…
CVE-2024-24760 — CVSS 8.8 (high): mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified…
CVE-2023-34108 — CVSS 8.8 (high): mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server…
CVE-2023-49077 — CVSS 8.3 (high): Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified…
CVE-2022-39258 — CVSS 8.1 (high): mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to…
CVE-2024-41959 — CVSS 7.6 (high): mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload…
CVE-2023-26490 — CVSS 7.3 (high): mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made…
CVE-2025-25198 — CVSS 7.1 (high): mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's…
CVE-2024-41958 — CVSS 6.6 (medium): mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor…
CVE-2024-30270 — CVSS 6.2 (medium): mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow…
CVE-2024-31204 — CVSS 6.1 (medium): mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow…
CVE-2024-23824 — CVSS 4.7 (medium): mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood…
CVE-2024-41960 — CVSS 3.8 (low): mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload…