Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MailEnable — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting MailEnable. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MailEnable is an enterprise email server solution designed for Microsoft Windows environments, providing SMTP, POP3, and IMAP services alongside webmail and groupware functionalities. Historically, the software has been a frequent target for security researchers due to a significant volume of recorded vulnerabilities, currently totaling 28 CVEs. These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from inadequate input validation and improper access controls within its web interface and service components. Notable incidents include critical buffer overflow vulnerabilities that allowed attackers to execute arbitrary code with system-level privileges, compromising entire mail infrastructure. The persistent presence of these high-severity issues highlights the necessity for rigorous patch management and secure configuration practices when deploying this platform in production environments to mitigate the risk of unauthorized access and data exfiltration.

Top products by MailEnable: MailEnable MailEnable Enterprise Premium
CVE IDTitleCVSSSeverityPublished
CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin — MailEnable Enterprise PremiumCWE-639 8.1 High2026-05-08
CVE-2026-32852 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter — MailEnableCWE-79 6.1 -2026-03-23
CVE-2026-32851 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter — MailEnableCWE-79 6.1 -2026-03-23
CVE-2026-32850 MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter — MailEnableCWE-79 6.1 -2026-03-23
CVE-2025-34427 MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB — MailEnableCWE-312 7.8AIHighAI2025-12-10
CVE-2025-34428 MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV — MailEnableCWE-312 7.8AIHighAI2025-12-10
CVE-2025-34421 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISP.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34417 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISO.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34419 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISM.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34416 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34422 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPC.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34418 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIMF.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34424 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIDP.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34423 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34420 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL — MailEnableCWE-427 6.7AIMediumAI2025-12-10
CVE-2025-34425 MailEnable < 10.54 Reflected XSS in WindowContext Parameter of MAI/compose.aspx — MailEnableCWE-79 6.1AIMediumAI2025-12-09
CVE-2025-34396 MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL — MailEnableCWE-427 6.5AIMediumAI2025-12-09
CVE-2025-34408 MailEnable < 10.54 Reflected XSS in Added Parameter of MAI/AddRecipientsResult.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34398 MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34399 MailEnable < 10.54 Reflected XSS in AddressesCc Parameter of AddressBook.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34400 MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34409 MailEnable < 10.54 Reflected XSS in Failed Parameter of MAI/AddRecipientsResult.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34401 MailEnable < 10.54 Reflected XSS in FieldBcc Parameter of AddressBook.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34403 MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34406 MailEnable < 10.54 Reflected XSS in Id Parameter of Mobile/ContactDetails.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34404 MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34397 MailEnable < 10.54 Reflected XSS in Message Parameter of Mobile/Compose.aspx — MailEnableCWE-79 6.1 -2025-12-09
CVE-2025-34407 MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx — MailEnableCWE-79 6.1 -2025-12-09

This page lists every published CVE security advisory associated with MailEnable. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.