CVE-2026-29962
Published: 18 May 2026
Summary
CVE-2026-29962 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Hsclabs Mailinspector. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 15.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Rejects externally supplied file or resource identifiers that fail validity checks.
NVD Description
HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a…
more
remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)