Pony Mail · Pony Mail · CVE-2026-41873
**Name of the Vulnerable Software and Affected Versions**
Pony Mail (Lua implementation) (affected versions not specified)
**Description**
Inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows for admin account takeover. This occurs when a front-end server and a back-end server disagree on the boundaries of an HTTP request, potentially allowing an attacker to "smuggle" a request to the back-end.
**Recommendations**
Restrict access to the instance to trusted users.
Find an alternative software solution.