CVE-2026-29962

Name of the Vulnerable Software and Affected Versions HSC MailInspector version 5.3.3-7

Description A Local File Inclusion (LFI) issue exists due to improper control of user-supplied file paths. The endpoint '/vendor/phpunit/phpunit.php' processes user-controlled parameters that affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to use Path Traversal—a technique used to access files and directories that are stored outside the web root folder—to read arbitrary files from the application directories and the underlying operating system, resulting in the disclosure of sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.