Openfind MailGates/MailAudit CRLF Injection Vulnerability Allowing Unauthenticated File Read

Vulnerability

A CRLF injection vulnerability has been identified in Openfind's MailGates/MailAudit, specifically in versions 6.0 prior to 6.1.10.054 and 5.0 prior to 5.2.10.099. This vulnerability allows unauthenticated remote attackers to inject carriage return and line feed characters, potentially leading to the manipulation of HTTP headers. Exploitation of this vulnerability could enable attackers to read sensitive system files.

Impact

Exploitation of this vulnerability could result in unauthorized access to system files, potentially leading to further exploitation or information disclosure.

Remediation

Users of MailGates/MailAudit 6.0 should update to version 6.1.10.054 or later. Users of MailGates/MailAudit 5.0 should update to version 5.2.10.099 or later.
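The following is an added example, not code from Openfind or from this advisory: a Python check that classifies reported MailGates/MailAudit version strings against the fixed versions named above. It compares components numerically, because plain string comparison would rank 6.1.9.x above 6.1.10.054. The host names, the sample versions, the four-component format and the use of the first component to pick the product line are assumptions.

```python
"""Triage MailGates/MailAudit hosts against the fixed versions in this advisory."""
import re

# Fixed versions stated in the advisory, keyed by product line (5.0 and 6.0).
# Assumption: the first version component identifies the product line.
FIXED = {
    5: (5, 2, 10, 99),   # 5.2.10.099
    6: (6, 1, 10, 54),   # 6.1.10.054
}

# Assumption: versions always have four dot-separated numeric components.
VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is malformed."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(version_text):
    """Classify one reported version string."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-covered"  # product line the advisory does not mention
    return "patched" if version >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Map host -> status for an iterable of (host, version) pairs."""
    return {host: triage(version) for host, version in inventory}


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [
    ("mg-a.example", "6.1.10.054"),
    ("mg-b.example", "6.1.9.120"),
    ("mg-c.example", "5.2.10.098"),
    ("mg-d.example", "5.2.11.001"),
    ("mg-e.example", "4.9.0.001"),
    ("mg-f.example", "6.1.10"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "not-covered" or "unparseable" need manual review; the advisory makes no statement about them.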

Added: Apr 16, 2026, 3:21 AM
Updated: Apr 16, 2026, 3:21 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.8
exploitability: 7.6
remediation: 7.7
relevance: 6.0
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.