PatchSiren cyber security CVE debrief
CVE-2026-6351 Openfind CVE debrief
CRLF injection vulnerability in MailGates/MailAudit by Openfind enables unauthenticated remote attackers to read system files. Published 2026-04-16; modified 2026-05-19. CVSS 4.0 vector indicates network attack vector with low complexity, no privileges required, and high confidentiality impact. CISA KEV: Not listed.
- Vendor: Openfind
- Product: MailGates
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-16
- Original CVE updated: 2026-05-19
- Advisory published: 2026-04-16
- Advisory updated: 2026-05-19
Who should care
Organizations operating Openfind MailGates or MailAudit email security gateways; security teams responsible for email infrastructure protection; incident response teams monitoring for data exfiltration via header injection attacks.
Technical summary
CVE-2026-6351 is a CRLF injection vulnerability (CWE-93) in MailGates and MailAudit products developed by Openfind. The flaw allows unauthenticated remote attackers to manipulate HTTP headers through carriage return and line feed injection, resulting in unauthorized reading of system files. The vulnerability carries a CVSS 4.0 score of 8.7 (HIGH severity) with network attack vector, low attack complexity, no required privileges, and high confidentiality impact. The issue was disclosed by Taiwan CERT/CC (TWCERT/CC) and is currently in Deferred status in the National Vulnerability Database. No CISA KEV listing or known ransomware campaign use has been identified.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor patches from Openfind when available; monitor Taiwan CERT/CC advisories for remediation guidance.
- Implement input validation and sanitization for HTTP headers to mitigate CRLF injection vectors.
- Review and restrict outbound HTTP request handling in MailGates/MailAudit deployments.
- Monitor for anomalous file access patterns indicating potential exploitation.
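The header-validation and monitoring actions above, as an added Python example that is not Openfind's code and makes no claim about how MailGates/MailAudit handles headers internally: a CWE-93 check that refuses header values carrying literal or percent-encoded CR/LF, and a scan over constructed request-log lines for the same sequences. The log format and the `/mail/view` path are constructed for the example.

```python
# Added example (not Openfind's code): a defensive check for CRLF injection
# (CWE-93) in HTTP header values, plus a scan of constructed request-log lines
# for the encoded forms an injection attempt typically carries.
import re
from urllib.parse import unquote

# Literal CR/LF plus the single- and double-percent-encoded forms that a decoder
# sitting upstream of the header writer could turn back into line breaks.
_CRLF_PATTERN = re.compile(r"[\r\n]|%0[ad]|%250[ad]", re.IGNORECASE)


def is_safe_header_value(value: str) -> bool:
    """Return True only if the value cannot terminate the current header line.

    The raw value, its single decoding and its double decoding are all
    inspected so that %0d%0a and %250d%250a are caught alongside literal CR/LF.
    """
    candidates = {value, unquote(value), unquote(unquote(value))}
    return not any(_CRLF_PATTERN.search(c) for c in candidates)


def build_header(name: str, value: str) -> str:
    """Emit one header line, refusing values that would smuggle in a second one."""
    if not re.fullmatch(r"[A-Za-z0-9-]+", name):
        raise ValueError(f"invalid header name: {name!r}")
    if not is_safe_header_value(value):
        raise ValueError("CR/LF detected in header value; possible CWE-93 injection")
    return f"{name}: {value}\r\n"


def find_crlf_attempts(log_lines):
    """Return the 1-based numbers of log lines whose request carries CR/LF sequences."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        # Strip the record terminator so a normal trailing newline is not flagged.
        if _CRLF_PATTERN.search(line.rstrip("\r\n")):
            hits.append(n)
    return hits


# Constructed sample log (hypothetical paths and addresses); line 2 carries an
# encoded CRLF in the query string, which is the pattern worth alerting on.
SAMPLE_LOG = [
    '203.0.113.10 - - "GET /mail/view?id=42 HTTP/1.1" 200\n',
    '203.0.113.10 - - "GET /mail/view?id=42%0d%0aX-Injected:%20yes HTTP/1.1" 200\n',
    '198.51.100.7 - - "GET /static/logo.png HTTP/1.1" 200\n',
]

if __name__ == "__main__":
    print(build_header("Location", "/inbox"), end="")
    print("suspicious log lines:", find_crlf_attempts(SAMPLE_LOG))
```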
Evidence notes
Vulnerability type confirmed as CWE-93 (CRLF Injection) per Taiwan CERT/CC. CVSS 4.0 scoring indicates high severity (8.7). NVD status currently Deferred.
Official resources
2026-04-16T03:16:31.053Z