Axigen Mail Server
cpe:2.3:a:axigen:axigen_mail_server:*:*:*:*:*:*:*
- ~10.3
- ~10.4
- ~10.5
- ~10.6 (prior to 10.6.26)
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Axigen Mail Server WebAdmin interface, affecting versions prior to 10.5.57 and 10.6.x versions prior to 10.6.26. WebAdmin does not properly validate the '_s' (breadcrumb) parameter, so an attacker can craft a URL that, when opened by a logged-in administrator, performs an arbitrary administrative action within that administrator's session. Beyond following the link, no further interaction by the administrator is required; the result can be the creation of an unauthorized administrator account or changes to critical server configuration.
Successful exploitation lets an attacker act with the privileges of an authenticated administrator, for example creating additional admin accounts or altering essential server settings. Because the forged request is issued by the victim's own browser, it carries the administrator's session and is processed by the server as a legitimate action.
Update to Axigen 10.5.57 or later on the 10.5 branch, or 10.6.26 or later on the 10.6 branch. Until the update is applied, administrators should avoid following untrusted links while logged in to WebAdmin.
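A quick way to triage an inventory against the ranges stated above, as an added example that is not Axigen's own code or tooling: the check uses only the two fixed builds named in this advisory (10.5.57 and 10.6.26) and reports any branch the advisory does not name as outside its scope rather than guessing. The version strings in the sample inventory are constructed for illustration.

```python
"""Triage Axigen version strings against the CSRF advisory ranges.

Added example, not part of Axigen or of the advisory. The only facts used
are the fixed builds stated on this page: 10.5.57 and 10.6.26.
"""
from __future__ import annotations

import re

# Fixed builds per branch, exactly as stated in the advisory.
FIXED_10_5 = (10, 5, 57)
FIXED_10_6 = (10, 6, 26)

# Accepts "major.minor" or "major.minor.build"; trailing text is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor[.build]' into a comparable tuple; a missing build is 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Axigen version string: {text!r}")
    major, minor, build = m.groups()
    return int(major), int(minor), int(build or 0)


def assess(version: str) -> str:
    """Classify one build as 'affected', 'fixed' or 'outside advisory range'.

    Rules, taken from the advisory text:
      * anything prior to 10.5.57 is affected;
      * 10.5.57 and later on the 10.5 branch is fixed;
      * 10.6.x prior to 10.6.26 is affected, 10.6.26 and later is fixed;
      * branches the advisory does not mention (e.g. 10.7) are not judged here.
    """
    v = parse_version(version)
    if v < FIXED_10_5:
        return "affected"
    if v[:2] == (10, 5):
        return "fixed"
    if v[:2] == (10, 6):
        return "affected" if v < FIXED_10_6 else "fixed"
    return "outside advisory range"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host name to its assessment; unparsable versions are flagged."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparsable version"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {
        "mx1.example.test": "10.4.12",
        "mx2.example.test": "10.5.56",
        "mx3.example.test": "10.5.57",
        "mx4.example.test": "10.6.25",
        "mx5.example.test": "10.6.26",
        "mx6.example.test": "10.7.0",
        "mx7.example.test": "unknown",
    }
    for host, verdict in triage(sample).items():
        print(f"{host:20s} {sample[host]:10s} {verdict}")
```

Feed it the version strings collected from your own hosts (for example from the WebAdmin status page or package metadata) and patch every host reported as affected; treat anything reported as outside the advisory range as unknown rather than safe.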