Bulwark Webmail S/MIME Signature Verification Vulnerability Allowing Trust in Untrusted Certificates

Vulnerability

A vulnerability exists in Bulwark Webmail, a self-hosted webmail client for Stalwart Mail Server, in versions prior to 1.4.11. The issue arises because S/MIME signature verification did not properly validate the certificate trust chain, allowing emails signed with self-signed or untrusted certificates to be incorrectly displayed as having valid signatures. This vulnerability is particularly concerning for users who relied on the S/MIME signature verification feature.

Impact

The vulnerability allows S/MIME signature verification to accept self-signed certificates, leading to incorrect validation of email signatures.

Remediation

Users are advised to upgrade to Bulwark Webmail version 1.4.11 or later, where this vulnerability has been fixed by enabling proper certificate chain validation. There are no workarounds available.
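
The gap described above, signature checked but trust chain not, can be reproduced with the OpenSSL command line. This is an added example, not Bulwark Webmail's code: it assumes `openssl` is installed, and every key, certificate, name and message in it is constructed at run time.

```shell
#!/bin/sh
# Added example. All keys, certificates and the message are constructed
# at run time; names such as "Constructed Test Root" are placeholders.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_fixtures() (
  cd "$WORK" || exit 1
  printf 'constructed test message\n' > msg.txt
  # Trust anchor the verifier is configured with, and a signer it issued.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test Root" -keyout ca.key -out ca.pem
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=chained-signer" -keyout chained.key -out chained.csr
  openssl x509 -req -in chained.csr -CA ca.pem -CAkey ca.key \
    -CAcreateserial -days 1 -out chained.pem
  # Signer whose certificate is self-signed and unknown to the verifier.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=selfsigned-signer" -keyout self.key -out self.pem
  for s in chained self; do
    openssl smime -sign -in msg.txt -signer "$s.pem" -inkey "$s.key" \
      -out "$s.eml"
  done
) >/dev/null 2>&1

# Signature-only check: the signature is verified against whatever
# certificate the message carries; the chain is never built (-noverify).
sig_only() {
  openssl smime -verify -noverify -in "$1" -out /dev/null 2>/dev/null
}

# Signature plus chain validation against the configured trust anchor.
sig_and_chain() {
  openssl smime -verify -CAfile "$WORK/ca.pem" -in "$1" \
    -out /dev/null 2>/dev/null
}

# Run one of the two checks on a fixture and report the displayed verdict.
verdict() { if "$1" "$WORK/$2.eml"; then echo valid; else echo invalid; fi; }

make_fixtures
for s in chained self; do
  echo "$s: signature-only=$(verdict sig_only "$s")" \
       "with-chain=$(verdict sig_and_chain "$s")"
done
```

Only the check that builds the chain distinguishes the two signers; the signature-only check reports both messages as valid.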

Added: Apr 6, 2026, 9:26 PM
Updated: Apr 6, 2026, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 5.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.