Platform
other
Component
olln-base
Fixed in
7.0-978
CVE-2026-2234 describes a critical Missing Authentication vulnerability discovered in HGiga's C&Cm@il email server. This flaw allows unauthenticated remote attackers to gain unauthorized access to user mailboxes, potentially leading to data breaches and compromise. The vulnerability affects versions 0 through 7.0-978 of C&Cm@il, and a patch is available in version 7.0-978.
The impact of CVE-2026-2234 is severe due to the lack of authentication. An attacker can directly access the C&Cm@il server without needing any credentials. This allows them to read sensitive email content, including personal information, financial data, and confidential business communications. Furthermore, attackers can modify email messages, potentially injecting malicious content or altering records. The blast radius extends to all users of the affected C&Cm@il server, as any mailbox is potentially accessible. This vulnerability shares similarities with other authentication bypass flaws where attackers can circumvent security controls to gain unauthorized access.
CVE-2026-2234 was publicly disclosed on 2026-02-09. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the CRITICAL CVSS score suggests a high probability of exploitation if the vulnerability is exposed. It is not currently listed on the CISA KEV catalog.
Organizations utilizing HGiga C&Cm@il email servers, particularly those running versions 0 through 7.0-978, are at significant risk. This includes businesses relying on C&Cm@il for internal email communication and those hosting C&Cm@il on shared infrastructure, where the potential for cross-tenant access is heightened.
EPSS
0.08% (24th percentile)
The primary mitigation for CVE-2026-2234 is to upgrade C&Cm@il to version 7.0-978, which contains the fix. If an immediate upgrade is not possible due to compatibility issues or downtime constraints, consider implementing temporary workarounds. While a direct WAF rule to block unauthenticated access might be difficult to implement without impacting legitimate users, strict network segmentation can limit external access to the C&Cm@il server. Monitor C&Cm@il logs for unusual activity, such as login attempts from unknown IP addresses or unexpected email modifications. After upgrading, verify the fix by attempting to access a user mailbox without authentication; successful access indicates the vulnerability persists.
Update the C&Cm@il package to version 7.0-978 or later. This update fixes the missing authentication vulnerability, preventing unauthenticated remote attackers from reading and modifying the email content of any user. See the vendor's website for detailed instructions on how to perform the update.
CVE-2026-2234 is a CRITICAL vulnerability in HGiga C&Cm@il allowing unauthenticated access to user mailboxes, potentially enabling data theft and modification.
If you are using C&Cm@il versions 0 through 7.0-978, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
Upgrade C&Cm@il to version 7.0-978 to resolve the Missing Authentication vulnerability. Consider temporary workarounds if an immediate upgrade is not possible.
As of the public disclosure date, there are no confirmed reports of active exploitation, but the CRITICAL severity warrants immediate attention.
Refer to the HGiga security advisory for detailed information and updates regarding CVE-2026-2234 and the available patch.