mailcow CVE debriefs

CVE-2026-7460

CVE-2026-7460 is a stored cross-site scripting issue in mailcow-dockerized’s administrator Queue Manager. According to the supplied advisory summary, the Queue Manager pulls mail queue entries from /api/v1/get/mailq/all, places server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without sufficient output encoding. The result is a HIGH-severity XSS expos [truncated]