Platform: linux
Component: qmail
Fixed in: 2026.04.07
CVE-2026-41113 describes a Remote Code Execution (RCE) vulnerability affecting sagredo qmail mail server versions between 2024.10.26 and 2026.04.07. This vulnerability stems from an insecure use of popen within the notlshosts_auto function in qmail-remote.c, allowing an attacker to execute arbitrary commands. A patch was released on 2026.04.07, addressing this critical security flaw.
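As an added illustration that is not qmail's code (the advisory does not quote the affected function), here is the bug class the description names: an externally supplied host name spliced into a popen() command line, shown beside the shell-free replacement a fix of this kind typically uses. The placeholder helper name tlscheck, the function names and the hostname-validation rule are assumptions.

```c
/* Added illustration, not code from qmail-remote.c: the popen() bug class
 * behind CVE-2026-41113 beside a fork/execvp replacement. "tlscheck" and
 * the function names are placeholders. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: the remote host name is spliced into a command line
 * that popen() hands to /bin/sh, so shell metacharacters in it are honoured. */
FILE *probe_host_popen(const char *host)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "tlscheck %s", host);  /* "tlscheck" is a placeholder */
    return popen(cmd, "r");                           /* runs as: /bin/sh -c cmd */
}

/* Defensive check: accept only RFC 1123 host name characters (assumed rule),
 * so anything that could mean something to a shell is rejected before exec. */
int is_plain_hostname(const char *host)
{
    size_t n = strlen(host);
    if (n == 0 || n > 253) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '-' || c == '.')) return 0;
    }
    return host[0] != '-' && host[0] != '.';
}

/* Hardened pattern: fork/execvp with an argv array never involves a shell,
 * so the host string is delivered as one argument whatever it contains.
 * Returns the child's exit status, or -1 if the name is rejected or exec fails. */
int probe_host_noshell(const char *prog, const char *host)
{
    if (!is_plain_hostname(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = {(char *)prog, (char *)host, NULL};
        execvp(prog, argv);
        _exit(127);                 /* only reached when exec itself fails */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Running probe_host_noshell with "true" as the program shows the validated path returning the child's exit status, while a name carrying a metacharacter is rejected before any process is started.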
Successful exploitation of CVE-2026-41113 allows an attacker to execute arbitrary code on the affected qmail server with the privileges of the qmail process. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. Given that qmail is often used in critical email infrastructure, a successful attack could disrupt email services and expose sensitive data. The ability to execute arbitrary code opens the door to lateral movement within the network, potentially compromising other systems accessible from the mail server. The blast radius extends to any data processed or stored by the mail server, including user credentials, email content, and configuration files.
CVE-2026-41113 was publicly disclosed on 2026-04-16. The vulnerability's severity is rated HIGH with a CVSS score of 8.1. Currently, there are no known public proof-of-concept exploits available, but the RCE nature of the vulnerability suggests a high probability of exploitation if a PoC is released. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Organizations running qmail mail servers, particularly those with publicly accessible instances or those handling sensitive email data, are at risk. This includes small businesses, non-profit organizations, and larger enterprises relying on qmail for their email infrastructure. Systems with outdated qmail installations and inadequate network security controls are particularly vulnerable.
Detection (linux / server):
• journalctl -u qmail | grep -i tls_quit
• lsof -i :25 | grep qmail
• ps aux | grep qmail

Disclosure
Exploit status
EPSS: 0.09% (26th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-41113 is to upgrade to qmail version 2026.04.07 or later. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting network access to the qmail server using a firewall or Web Application Firewall (WAF) to limit potential attack vectors. Carefully review and restrict the permissions granted to the qmail user account to minimize the impact of a potential compromise. Monitor system logs for suspicious activity related to the tlsquit command or unexpected process executions. After upgrading, confirm the fix by attempting to trigger the vulnerable tlsquit sequence and verifying that it no longer results in code execution.
Update qmail to version 2026.04.07 or later to mitigate the remote code execution vulnerability. The update corrects the insecure use of `popen` in the `qmail-remote.c` file, preventing the execution of arbitrary commands.
CVE-2026-41113 is a Remote Code Execution vulnerability in sagredo qmail mail server versions 2024.10.26–2026.04.07, allowing attackers to execute arbitrary code. It has a HIGH severity rating.
You are affected if you are running qmail versions between 2024.10.26 and 2026.04.07. Check your version and upgrade immediately if vulnerable.
Upgrade to qmail version 2026.04.07 or later to patch the vulnerability. Consider temporary workarounds like firewall restrictions if immediate upgrade is not possible.
While no public exploits are currently known, the RCE nature of the vulnerability suggests a high probability of exploitation if a PoC is released. Monitor security advisories.
Refer to the official sagredo qmail website and security mailing lists for the latest advisory and patch information.