PT-2026-39194 · Mailenable · Mailenable Enterprise Premium

Dninh · Published 2026-05-08 · Updated 2026-05-09 · CVE-2026-44400

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MailEnable Enterprise Premium versions prior to 10.56

Description: Improper authorization in the WebAdmin mobile portal allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. An attacker can obtain a token from the WebMail login endpoint using the PersistentLogin parameter and replay it against the WebAdmin portal to perform highly privileged administrative actions.

Recommendations: Update to a version later than 10.55.

Fix

Weakness Enumeration: IDOR

Related Identifiers: CVE-2026-44400

Affected Products: Mailenable Enterprise Premium