PT-2026-20939 · Unknown · Mail-Parser+1

Proxforge · Published 2026-02-19 · Updated 2026-02-19 · CVE-2026-26312

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Stalwart Mail Server versions 0.13.0 through 0.15.4

Description

A denial-of-service condition exists in Stalwart Mail Server when it processes specially crafted emails. Accessing an email that contains malformed nested message/rfc822 MIME parts through IMAP or JMAP can cause excessive CPU and memory usage, potentially leading to an out-of-memory condition and a server crash. The issue stems from cyclical references that the mail-parser crate creates during parsing, which Stalwart then processes indefinitely.

Recommendations

Versions prior to 0.15.5 are affected. Update to version 0.15.5 or later to resolve this issue.
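
The failure mode in the description, a traversal that never terminates because parsed parts refer back to an ancestor, can be contained by bounding the walk over the part structure. The following Rust code is an added example, not code from Stalwart or mail-parser; the index-based `Part` model, `WalkError`, `total_size` and the `MAX_DEPTH` value are assumptions made for illustration.

```rust
// Hypothetical model, not mail-parser's real types: parts sit in one arena and
// containers name children by index, so malformed input can point at an ancestor.
#[derive(Debug)]
pub enum Part {
    Leaf(usize),           // body size in bytes
    Container(Vec<usize>), // multipart or message/rfc822: child indices
}

#[derive(Debug, PartialEq)]
pub enum WalkError {
    Revisited(usize), // part reached twice: a cycle or a shared child
    TooDeep(usize),   // nesting beyond MAX_DEPTH
    BadIndex(usize),  // child index outside the arena
}

pub const MAX_DEPTH: usize = 32; // constructed limit for this example

/// Sum leaf sizes under `root`; work is bounded by parts.len() and MAX_DEPTH.
pub fn total_size(parts: &[Part], root: usize) -> Result<usize, WalkError> {
    let mut seen = vec![false; parts.len()];
    walk(parts, root, 0, &mut seen)
}

fn walk(parts: &[Part], id: usize, depth: usize, seen: &mut [bool]) -> Result<usize, WalkError> {
    let part = parts.get(id).ok_or(WalkError::BadIndex(id))?;
    if depth > MAX_DEPTH {
        return Err(WalkError::TooDeep(id));
    }
    // In a well-formed tree every part has exactly one parent.
    if std::mem::replace(&mut seen[id], true) {
        return Err(WalkError::Revisited(id));
    }
    match part {
        Part::Leaf(n) => Ok(*n),
        Part::Container(children) => {
            let mut sum = 0usize;
            for &child in children {
                sum = sum.saturating_add(walk(parts, child, depth + 1, seen)?);
            }
            Ok(sum)
        }
    }
}

fn main() {
    // Constructed sample: part 2 lists part 0, its own ancestor.
    let cyclic = vec![Part::Container(vec![1, 2]), Part::Leaf(10), Part::Container(vec![0])];
    println!("{:?}", total_size(&cyclic, 0));
}
```

Marking each part on first visit rejects shared children as well as true cycles, so the walk touches every part at most once and cannot grow exponentially inside the depth limit.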

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2026-26312
GHSA-JM95-876Q-C9GW

Affected Products

Stalwart Mail Server
Mail-Parser