


Perceptive Security
SOC/SIEM Consultancy

** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin acc…
Published: 27 April 2026 at 22:00:00
Alert date: 28 April 2026 at 23:02:15
Source: nvd.nist.gov
Web Technologies, Email & Messaging
HTTP Request/Response Smuggling vulnerability in Pony Mail's Lua implementation allows admin account takeover. Affects all versions of the Lua implementation. The vulnerability is marked as unsupported when assigned because the Lua implementation is retired and no fix will be released. Users are advised to find alternatives or restrict access to trusted users only. A Python implementation called Pony Mail Foal is under development but not yet released.
Affected products: Pony Mail
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41873
https://lists.apache.org/thread/1c7jtxjobh280kqc13fzw1cg57xrz951
http://www.openwall.com/lists/oss-security/2026/04/28/17
This article was created with the assistance of AI technology by Perceptive.
