PT-2026-38553 · Postorius+2 · Postorius+2
Alyssa Ross
·
Published
2026-05-07
·
Updated
2026-05-27
·
CVE-2026-44742
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Postorius versions prior to 1.3.14
Description
The software fails to escape HTML in the message subject when rendering it within the Held messages pop-up. This issue was exploited in the wild in May 2026.
Recommendations
Update to a version newer than 1.3.13.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Postorius
Ubuntu