CVE-2026-32850

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.55

Description The software contains a reflected cross-site scripting issue in the webmail interface. This allows remote attackers to execute arbitrary JavaScript in a victim’s browser by using a malicious URL. Attackers can inject malicious code through the SelectedIndex parameter in the ManageShares.aspx form, which is not properly sanitized before being included in dynamically generated JavaScript.

Recommendations Update MailEnable to version 10.55 or later.