PatchSiren

Nodemailer CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | Nodemailer CVE | published 2026-05-15

CVE-2026-38728

CVE-2026-38728 is a high-severity denial-of-service issue in the Nodemailer smtp-server component before v3.18.3. The supplied record says a remote attacker can trigger the failure through SMTPStream._write in lib/smtp-stream.js. A fix is referenced in the v3.18.3 release, and the NVD record currently shows vulnStatus as Deferred.