PT-2026-38553 · Postorius+2 · Postorius+2

Alyssa Ross

·

Published

2026-05-07

·

Updated

2026-05-27

·

CVE-2026-44742

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Postorius versions prior to 1.3.14
Description The software fails to escape HTML in the message subject when rendering it within the Held messages pop-up. This issue was exploited in the wild in May 2026.
Recommendations Update to a version newer than 1.3.13.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44742
GHSA-R7C9-7PJQ-HMM8
USN-8323-1

Affected Products

Linuxmint
Postorius
Ubuntu