Postorius · Postorius · CVE-2026-44742
**Name of the Vulnerable Software and Affected Versions**
Postorius versions prior to 1.3.14
**Description**
The software fails to escape HTML in the message subject when rendering it within the Held messages pop-up. This issue was exploited in the wild in May 2026.
**Recommendations**
Update to a version newer than 1.3.13.