PatchSiren cyber security CVE debrief
CVE-2026-55187 axllent CVE debrief
CVE-2026-55187 is a MEDIUM severity vulnerability in Mailpit's Link Check API. An attacker can bypass internal IP restrictions and map internal service reachability by exploiting incomplete remediation for CVE-2026-27808. The vulnerability allows an attacker to coerce the Link Check API into dialing internal destinations using IPv6 transition mechanisms or prefixes. This issue is fixed in version 1.30.2. Operators should apply the patch, restrict API access, and monitor for suspicious activity.
- Vendor
- axllent
- Product
- mailpit
- CVSS
- MEDIUM 5.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of Mailpit versions prior to 1.30.2 should apply the patch to prevent potential internal IP bypass and service reachability mapping. Operators and security teams should review affected scope, assess vulnerability management impact, and monitor for suspicious activity. This includes reviewing compensating controls for exposed systems and tracking exceptions.
Technical summary
The vulnerability exists in Mailpit's Link Check API, which does not properly block IPv6 transition mechanisms or prefixes such as NAT64, 6to4, IPv4-compatible IPv6, ISATAP, fec0::/10, and 2001:db8::/32. An attacker can exploit this by delivering email and invoking the POST /api/v1/message/{ID}/link-check endpoint to coerce the API into dialing internal destinations. This allows an attacker to bypass internal IP restrictions and map internal service reachability by exploiting incomplete remediation for CVE-2026-27808.
Defensive priority
Apply the patch to Mailpit, restrict access to the Link Check API, and monitor for suspicious activity with high priority. Review and verify API access controls, and assess internal exposure with available data.
Recommended defensive actions
- Apply the patch to Mailpit version 1.30.2 or later
- Restrict access to the Link Check API
- Monitor for suspicious activity
- Review compensating controls for exposed systems
- Check relevant monitoring, detection, and logs for exposed assets
- Track exceptions and retest remediated assets
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-10T22:16:43.110Z and has not been modified since then. The NVD entry is currently 5.8 MEDIUM. Evidence is limited to CVE and NVD details. Defenders should verify Mailpit version and patch status, and review API access controls. Limited source detail suggests verifying vulnerability status through official channels and assessing internal exposure with available data.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T22:16:43.110Z and has not been modified since then.