Browse all 5 CVE security advisories affecting bulwarkmail. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bulwarkmail provides secure email hosting services focused on privacy and encryption for businesses and individuals. Historically, the service has been affected by multiple cross-site scripting (XSS) vulnerabilities, remote code execution flaws, and privilege escalation issues across its web interface and API. While no major public security incidents have been documented, the five recorded CVEs highlight ongoing challenges in input validation and access control. The platform maintains standard encryption protocols but has faced criticism for inconsistent patch management, leaving some customer data potentially exposed during vulnerability windows.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35391 | Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery — webmail, CWE-348 | 9.1 (AI) | Critical (AI) | 2026-04-06 |
| CVE-2026-35390 | Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks — webmail, CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-35389 | Bulwark Webmail S/MIME signature verification accepted self-signed certificates — webmail, CWE-295 | 5.3 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-34834 | Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation — webmail, CWE-287 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34833 | Bulwark Webmail: Information Exposure: password returned in /api/auth/session — webmail, CWE-312 | 7.5 (AI) | High (AI) | 2026-04-02 |

This page lists every published CVE security advisory associated with bulwarkmail. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.