Claws Mail Team · Claws Mail · CVE-2019-10735
**Name of the Vulnerable Software and Affected Versions**
Claws Mail version 3.14.1
**Description**
The issue allows an attacker in possession of S/MIME- or PGP-encrypted emails to craft a multipart email that contains them, hiding the encrypted parts using HTML/CSS or ASCII newline characters. If the receiver replies to this email, they may unknowingly leak the plaintext of the encrypted message back to the attacker.
**Recommendations**
For Claws Mail version 3.14.1, as a temporary workaround, consider disabling the reply function for emails with encrypted parts until a patch is available. Restrict access to sensitive emails and avoid using HTML/CSS or ASCII newline characters in emails to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
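One way to recognise the message shape described above before a reply is allowed, shown as an added example (not Claws Mail code): it lists encrypted MIME entities that sit below the root of a message instead of being the whole message. The function names and the sample message are constructed for illustration, and the check covers MIME-level nesting only, not inline PGP armor inside text parts.

```python
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def is_encrypted(part):
    """True if this MIME entity is an encrypted container (PGP/MIME or S/MIME)."""
    ctype = part.get_content_type()
    if ctype == "multipart/encrypted":
        return True
    if ctype in SMIME_TYPES:
        # pkcs7-mime also carries signed-only and certificate-only bodies.
        kind = (part.get_param("smime-type") or "").lower()
        return kind not in ("signed-data", "certs-only")
    return False


def nested_encrypted_parts(raw):
    """Return tree positions of encrypted entities that are not the root.

    "2" is the second child of the root, "1.3" the third child of the first.
    """
    hits = []

    def walk(part, path):
        if is_encrypted(part):
            if path:  # an encrypted root is an ordinary encrypted mail
                hits.append(path)
            return  # nothing to inspect inside the ciphertext container
        if part.is_multipart():
            for i, child in enumerate(part.get_payload(), 1):
                walk(child, f"{path}.{i}" if path else str(i))

    walk(message_from_string(raw), "")
    return hits


def sample(nested):
    """Constructed test message; the 'ciphertext' is a placeholder string."""
    enc = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    enc.attach(MIMEApplication(b"Version: 1", "pgp-encrypted"))
    enc.attach(MIMEApplication(b"constructed placeholder", "octet-stream"))
    if not nested:
        return enc.as_string()
    outer = MIMEMultipart("mixed")
    outer.attach(MIMEText("Please see below."))
    outer.attach(enc)
    return outer.as_string()
```

A non-empty result means the reply would quote content decrypted from a sub-part, which is the case where the workaround above withholds the reply function.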