CVE-2026-42193: Plunk Email Platform Critical Unauthenticated Webhook Forgery
The National Vulnerability Database has detailed CVE-2026-42193, a critical vulnerability in Plunk, an open-source email platform leveraging AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint failed to properly validate Amazon SNS notification payloads. This oversight allowed unauthenticated requests to bypass critical security checks, specifically the SNS signature, certificate, and topic ARN.
This flaw enables an unauthenticated attacker to forge seemingly legitimate SNS events. The implications are severe: attackers can trigger arbitrary workflow automations, unsubscribe contacts, manipulate critical email delivery metrics, and potentially exhaust an organization’s billing credits. The CVSSv3.1 score of 9.1 (CRITICAL) underscores the high impact on integrity and availability, coupled with zero authentication requirements.
Plunk has addressed this issue in version 0.9.0. Organizations utilizing Plunk are strongly advised to update their installations immediately to mitigate this unauthenticated remote exploitation vector. Failure to do so leaves a wide-open door for attackers to disrupt email operations and incur significant costs.
What This Means For You
- If your organization uses Plunk, check your version immediately. This isn't theoretical; an unauthenticated attacker can spoof SNS events to trigger workflow automations, unsubscribe contacts, and even manipulate billing. Patch to version 0.9.0 without delay.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-42193: Plunk Unauthenticated SNS Webhook Forgery
title: CVE-2026-42193: Plunk Unauthenticated SNS Webhook Forgery
id: scw-2026-05-08-ai-1
status: experimental
level: critical
description: |
Detects unauthenticated POST requests to the '/webhooks/sns' endpoint in Plunk Email Platform, indicating potential exploitation of CVE-2026-42193. This vulnerability allows attackers to forge SNS notification payloads without signature verification, enabling them to trigger workflow automations, manipulate delivery metrics, or exhaust billing credits.
author: SCW Feed Engine (AI-generated)
date: 2026-05-08
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-42193/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/webhooks/sns'
cs-method|exact:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-42193 | Auth Bypass | Plunk email platform versions prior to 0.9.0 |
| CVE-2026-42193 | Auth Bypass | Plunk /webhooks/sns endpoint |
| CVE-2026-42193 | Misconfiguration | Lack of Amazon SNS signature, certificate, or topic ARN verification |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 09, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-6667 — PgBouncer before 1.25.2 did not perform an appropriate
CVE-2026-6667 — PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console...
CVE-2026-6666 — A possible null pointer reference in PgBouncer before
CVE-2026-6666 — A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE...
PgBouncer SCRAM Vulnerability (CVE-2026-6665) Allows Stack Overflow
CVE-2026-6665 — The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM...