CVE-2026-41113

CVSS v3.1

8.1

High

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions sagredo qmail versions prior to 2026.04.07

Description Remote code execution is possible due to the use of the popen() function within the notlshosts auto function in the qmail-remote.c file, which can be triggered via the 'tls quit' command.

Recommendations Update to version 2026.04.07.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-41113

Affected Products

Sagredo Qmail

CVE-2026-41113

Weakness Enumeration

Related Identifiers

Affected Products

References · 9