CVE-2026-41873— Apache Pony Mail 环境问题漏洞

Pony Mail: Admin account takeover via request smuggling

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under the name "Pony Mail Foal" that is not affected by this issue, but hasn't been released yet. As the Lua implementation of this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

N/A

HTTP请求的解释不一致性(HTTP请求私运)

Apache Pony Mail 环境问题漏洞

Apache Pony Mail是美国阿帕奇（Apache）基金会的一款具有邮件归档、查看和交互功能的插件。 Apache Pony Mail存在环境问题漏洞，该漏洞源于HTTP请求解释不一致，可能导致管理员账户接管。以下版本受到影响：所有Lua实现版本。

N/A

N/A