Cyber Resilience

CVE-2026-6350

Severity: Critical
Published: 16 April 2026
Modified: 19 May 2026
CVSS v4.0 score: 9.3 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0076 (50.7th percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-6350 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Openfind MailGates/MailAudit (the affected organisation was inferred from references, as NVD filed no CPE for this CVE). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.3% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-6350 is a stack-based buffer overflow vulnerability (CWE-121) in MailGates and MailAudit, products developed by Openfind. The flaw allows unauthenticated remote attackers to overwrite the stack and control the program's execution flow, potentially leading to arbitrary code execution. It received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and lack of prerequisites.

Unauthenticated attackers on the network can exploit this vulnerability by sending specially crafted input that triggers the buffer overflow. Successful exploitation grants full control over the affected process, enabling arbitrary code execution with the privileges of the MailGates or MailAudit service, which could result in complete system compromise, data theft, or further lateral movement within the network.

Advisories from TWCERT/CC, available at the referenced URLs, document the vulnerability but, in the information available, give no specific patch or mitigation details. Security practitioners should monitor these sources and Openfind for remediation updates.

EU & UK References

Vulnerability details

MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.

CWE(s)

CWE-121 Stack-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remote unauthenticated stack-based buffer overflow in the public-facing MailGates/MailAudit application, directly enabling T1190 (Exploit Public-Facing Application) for arbitrary code execution and system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-38422 (shared CWE-121)
CVE-2025-11783 (shared CWE-121)
CVE-2025-54491 (shared CWE-121)
CVE-2024-39359 (shared CWE-121)
CVE-2026-42469 (shared CWE-121)
CVE-2020-37159 (shared CWE-121)
CVE-2024-39603 (shared CWE-121)
CVE-2024-36258 (shared CWE-121)
CVE-2024-51138 (shared CWE-121)
CVE-2025-69763 (shared CWE-121)

Affected Assets

Org (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 Flaw Remediation (prevent): requires timely remediation of flaws like this stack-based buffer overflow, directly preventing exploitation through patching.

SI-10 Information Input Validation (prevent): mandates validation of information inputs, directly countering specially crafted inputs that trigger the buffer overflow.

SI-16 Memory Protection (prevent): implements memory protections such as stack canaries or DEP to block unauthorized code execution from stack overflows.
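To make the SI-10 and SI-16 controls concrete, the following is an added illustration and not Openfind's code: the page gives no detail of the actual MailGates/MailAudit parser, so this is a hypothetical mail-gateway field parser showing the generic CWE-121 pattern those controls address. The first function copies a request field into a fixed stack buffer without a bound; the second puts explicit length and character validation in front of the copy. The names (`field_rec`, `parse_field_unchecked`, `parse_field_checked`, `FIELD_MAX`) and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define FIELD_MAX 64   /* constructed limit for a hypothetical mail-header field */

/* Hypothetical record a mail gateway might build from one request field.
 * The fixed-size stack buffer is what a CWE-121 overflow would overrun. */
struct field_rec {
    char value[FIELD_MAX];
    uint32_t flags;
};

/* Unsafe pattern, shown for contrast only: the copy never checks the
 * source length, so any input of FIELD_MAX bytes or more overruns
 * rec->value and corrupts whatever sits above it on the stack. */
void parse_field_unchecked(struct field_rec *rec, const char *input)
{
    strcpy(rec->value, input);          /* no bound: stack smash on long input */
    rec->flags = 0;
}

/* Hardened pattern (SI-10 input validation plus an explicit bound):
 * rejects oversize or non-printable input before any byte is copied.
 * Returns 0 when the input is accepted, -1 when it is rejected. */
int parse_field_checked(struct field_rec *rec, const char *input, size_t input_len)
{
    if (input == NULL || input_len >= FIELD_MAX)
        return -1;                       /* too long for the buffer plus NUL */
    for (size_t i = 0; i < input_len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c < 0x20 || c > 0x7e)        /* reject control bytes and non-ASCII */
            return -1;
    }
    memcpy(rec->value, input, input_len);
    rec->value[input_len] = '\0';
    rec->flags = 0;
    return 0;
}

/* Builds a constructed oversize input (199 'A' bytes) and reports whether
 * the hardened parser rejects it (1 = rejected, 0 = accepted). */
int demo_oversize_rejected(void)
{
    char big[200];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    struct field_rec rec;
    return parse_field_checked(&rec, big, strlen(big)) == -1;
}

int main(void)
{
    struct field_rec rec;
    const char *ok = "user@example.invalid";   /* constructed sample input */
    printf("short input accepted: %d\n", parse_field_checked(&rec, ok, strlen(ok)) == 0);
    printf("oversize input rejected: %d\n", demo_oversize_rejected());
    return 0;
}
```

The checked version is the SI-10 control; SI-16 is supplied by the toolchain and OS rather than by application code. Building the same file with `gcc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2` adds a stack canary to functions holding the buffer, and because the size of `rec->value` is known at compile time, glibc's fortified `strcpy` aborts the process at runtime instead of letting the unchecked copy in `parse_field_unchecked` run past the buffer. Those protections turn an exploitable overflow into a crash; only the input validation prevents the crash itself.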

References