Browse all 3 CVE security advisories affecting tutao. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tutao develops and operates the secure email and cloud storage provider Tutanota, focusing on privacy-centric communication solutions. Historically, the platform has been affected by vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws. Notable security characteristics include its end-to-end encryption approach, though past incidents have exposed weaknesses in input validation and access controls. The three recorded CVEs highlight recurring themes in web application security, particularly around improper neutralization of input during web page generation and insufficient access restrictions. These findings suggest ongoing challenges in maintaining robust security while preserving user-friendly functionality in a privacy-focused environment.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-23655 | Attacker can prevent users from accessing received emails — tutanota, CWE-20 | 7.5 | High | 2024-01-25 |
| CVE-2024-23330 | Tuta loads images from external resources — tutanota, CWE-918 | 5.3 | Medium | 2024-01-23 |
| CVE-2023-46116 | Remote Code Execution via insufficiently sanitized call to shell.openExternal — tutanota, CWE-20 | 9.3 | Critical | 2023-12-15 |

This page lists every published CVE security advisory associated with tutao. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.