MailGates/MailAudit CRLF Injection Exposes System Files
A critical CRLF Injection vulnerability, identified as CVE-2026-6351, has been reported in Openfind's MailGates and MailAudit products. According to the National Vulnerability Database, this flaw allows unauthenticated remote attackers to read sensitive system files. This is a pretty gnarly bug, especially for email security solutions that are often internet-facing.
The National Vulnerability Database has assigned CVE-2026-6351 a CVSS v3.1 score of 7.5, classifying it as HIGH severity. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N describes a network-exploitable vulnerability with low attack complexity that requires no privileges or user interaction. The primary impact noted is on confidentiality, rated High, meaning attackers can gain significant access to information.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6351 | CRLF Injection | Openfind MailGates |
| CVE-2026-6351 | CRLF Injection | Openfind MailAudit |
| CVE-2026-6351 | Information Disclosure | Read system files |