Openfind MailGates/MailAudit and Sagredo qmail were disclosed with critical remote code execution vulnerabilities that could let attackers compromise exposed mail infrastructure. CVE-2026-6350 affects Openfind MailGates/MailAudit and is a stack-based buffer overflow (CWE-121) that allows an unauthenticated remote attacker to control execution flow and run arbitrary code. The flaw carries a CVSS v3.1 score reflecting network exploitation with no privileges or user interaction and high impact across confidentiality, integrity, and availability, and was referenced in advisories published by TWCERT/CC.
A second flaw, CVE-2026-41113, affects Sagredo qmail versions before 2026.04.07 and enables remote code execution through tls_quit because qmail-remote.c uses popen in the notlshosts_auto component, a command injection issue tracked as CWE-78. The vulnerability was documented with references to public research, a GitHub publications repository, the fixing commit, pull request #42, and the patched v2026.04.07 release, giving defenders a clear remediation path while underscoring the risk to internet-facing email systems.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
A new CVE entry documented a remote code execution vulnerability in Sagredo qmail's tls_quit functionality affecting versions before 2026.04.07. The record says it was received by cve@mitre.org and classifies the issue as OS command injection.
A new CVE entry documented a stack-based buffer overflow in Openfind MailGates/MailAudit that could let unauthenticated remote attackers control execution flow and run arbitrary code. The record notes it was received by twcert@cert.org.tw and references TWCERT/CC advisories.
Sagredo qmail version 2026.04.07 was released to address a remote code execution flaw in tls_quit caused by use of popen in qmail-remote.c. The CVE entry states affected versions are those before 2026.04.07 and references the fixing commit, pull request #42, and the release.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
github.com
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.