CVE-2026-6350
Published: 16 April 2026
Summary
CVE-2026-6350 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Openfind MailGates/MailAudit (vendor inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 49.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-6350 is a stack-based buffer overflow vulnerability (CWE-121) in MailGates and MailAudit, products developed by Openfind. The flaw allows unauthenticated remote attackers to overwrite the stack and control the program's execution flow, potentially leading to arbitrary code execution. It received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity: the flaw is reachable over the network, attack complexity is low, and no privileges or user interaction are required.
Unauthenticated attackers on the network can exploit this vulnerability by sending specially crafted input that triggers the buffer overflow. Successful exploitation grants full control over the affected process, enabling arbitrary code execution with the privileges of the MailGates or MailAudit service, which could result in complete system compromise, data theft, or further lateral movement within the network.
Advisories from TWCERT/CC, available at the referenced URLs, document the vulnerability, but the available information does not include specific details on patches or mitigations. Security practitioners should monitor these sources and Openfind for updates on remediation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-23166
Vulnerability details
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote unauthenticated stack-based buffer overflow in the public-facing MailGates/MailAudit application, directly enabling T1190 (Exploit Public-Facing Application) for arbitrary code execution and system compromise.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely remediation of flaws like this stack-based buffer overflow, directly preventing exploitation through patching.
SI-10 mandates validation of information inputs, directly countering specially crafted inputs that trigger the buffer overflow.
SI-16 implements memory protections such as stack canaries or DEP to block unauthorized code execution from stack overflows.