Taiwan CERT warns of two critical MailGates/MailAudit vulnerabilities enabling unauthenticated RCE and file access

Answer Brief

TWCERT/CC published TVN-202604003 detailing two vulnerabilities in Openfind’s MailGates/MailAudit email security/audit products. One issue (CVE-2026-6350) is a critical stack-based buffer overflow rated 9.8 that could allow unauthenticated remote code execution. The second (CVE-2026-6351) is a high-severity CRLF injection rated 7.5 that could allow unauthenticated access to system files. Openfind’s technical team reported the issues; updates are available for affected versions.

Abstract diagram of an email security gateway within a network topology, overlaid with risk heatmap signals indicating two high-severity vulnerabilities.

Why It Matters

TWCERT/CC’s advisory is a high-signal item for security and infrastructure teams because both vulnerabilities are described as remotely exploitable without authentication and affect email security/audit systems—assets that are often internet-facing or placed on high-trust network segments.

The first flaw, CVE-2026-6350, is a stack-based buffer overflow rated critical (9.8) with impact across confidentiality, integrity, and availability in the CVSS vector. As described by TWCERT/CC, an unauthenticated remote attacker could control execution flow and run arbitrary code, which elevates this from a typical bug to a potential foothold mechanism against enterprise messaging environments.

The second flaw, CVE-2026-6351, is a CRLF injection rated high (7.5). TWCERT/CC states it could allow unauthenticated access to system files, implying a path to sensitive data exposure depending on deployment and OS hardening.
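To make the vulnerability class concrete, the following is an added illustration of CRLF injection (CWE-93) in a generic line-oriented "Name: value" message format. It is not code from Openfind or TWCERT/CC and does not model where CVE-2026-6351 actually sits in MailGates/MailAudit, which the advisory does not say; the header names, the parser and the sample log entries are constructed assumptions. It shows the vulnerable concatenation beside a reject-on-CRLF variant, and a small detection pass over constructed access-log lines.

```python
"""CRLF injection: vulnerable vs hardened builder, plus a log check.

Added example. Does NOT describe the real MailGates/MailAudit flaw; the
message format, field names and log lines below are constructed.
"""
import re
from typing import List, Tuple

# Matches a raw carriage return or line feed.
CRLF_RE = re.compile(r"[\r\n]")

# Matches raw or URL-encoded CR/LF as it would appear in a request log.
CRLF_LOG_RE = re.compile(r"%0d|%0a|[\r\n]", re.IGNORECASE)


def build_header_unsafe(name: str, value: str) -> str:
    """Vulnerable pattern: an attacker-controlled value is concatenated into
    a line-oriented message. A CR/LF inside the value ends the current line,
    so whatever follows is parsed as extra lines the attacker chose."""
    return f"{name}: {value}\r\n"


def build_header_safe(name: str, value: str) -> str:
    """Hardened pattern: reject rather than silently strip, so the request
    fails loudly and the attempt is visible in logs."""
    if CRLF_RE.search(name) or CRLF_RE.search(value):
        raise ValueError("CR/LF not permitted in header field")
    return f"{name}: {value}\r\n"


def header_is_safe(name: str, value: str) -> bool:
    """True if the hardened builder accepts the pair, False if it rejects."""
    try:
        build_header_safe(name, value)
        return True
    except ValueError:
        return False


def parse_lines(message: str) -> List[Tuple[str, str]]:
    """Minimal receiver-side parser: one 'Name: value' per CRLF-terminated
    line. Used here only to show what the injected message turns into."""
    out: List[Tuple[str, str]] = []
    for line in message.split("\r\n"):
        if not line:
            continue
        name, _, value = line.partition(": ")
        out.append((name, value))
    return out


# Constructed sample access-log lines (not from any real system).
SAMPLE_LOG = [
    '10.0.0.5 "GET /api/search?q=quarterly+report" 200',
    '10.0.0.9 "GET /api/search?q=x%0d%0aX-Injected:%201" 200',
    '10.0.0.12 "GET /api/search?q=%0AContent-Length:%200" 400',
    '10.0.0.7 "GET /api/search?q=invoice" 200',
]


def detect_crlf_in_log(log_lines: List[str]) -> List[str]:
    """Return the log lines whose request contains raw or encoded CR/LF."""
    return [line for line in log_lines if CRLF_LOG_RE.search(line)]


if __name__ == "__main__":
    attacker_value = "a@b.example\r\nBcc: c@d.example"
    # Vulnerable: the injected Bcc line becomes a second, attacker-chosen field.
    print(parse_lines(build_header_unsafe("Reply-To", attacker_value)))
    # Hardened: the same input is refused outright.
    print(header_is_safe("Reply-To", attacker_value))
    print(detect_crlf_in_log(SAMPLE_LOG))
```

The reject-instead-of-strip choice is deliberate: stripping CR/LF hides the attempt and can leave a value that still parses differently downstream, while a hard failure surfaces the probe to whoever reads the logs.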

Why this Taiwan-origin bulletin matters globally: Openfind products are deployed in enterprise mail security and auditing contexts where compromise can have outsized downstream effects (visibility into mail flows, policy enforcement, and potential access to sensitive content). Even if an organization is outside Taiwan, TWCERT/CC disclosures frequently serve as early indicators of vulnerabilities in regional enterprise infrastructure products that may be used by multinational subsidiaries, suppliers, or managed service providers.

TWCERT/CC lists fixed versions and recommends updating MailGates/MailAudit 6.0 to 6.1.10.054 or later, and 5.0 to 5.2.10.099 or later. The advisory does not provide exploitation details, indicators of compromise, or confirmation of in-the-wild activity; defenders should treat impact as plausible based on the vulnerability class and CVSS, while tracking for additional public technical write-ups or exploitation reports as they emerge.
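The practical defender task the advisory leaves to the reader is deciding which deployed instances fall below the fixed versions. The following is an added example, not tooling from Openfind or TWCERT/CC, that encodes the two fixed versions from TVN-202604003 and compares product versions component by component. The hostnames in the inventory are constructed; the point it demonstrates is that a plain string comparison mis-orders four-part versions such as "6.1.9.120" against "6.1.10.054", so the gate must be numeric.

```python
"""Gate MailGates/MailAudit versions against the TVN-202604003 fixed builds.

Added example. Fixed versions are taken from the advisory; the inventory
below is constructed and the 'unknown' handling is this example's choice.
"""
from typing import Dict, List, Optional, Tuple

# Per product line (by major version): first unaffected build per TWCERT/CC.
FIXED: Dict[int, Tuple[int, ...]] = {
    5: (5, 2, 10, 99),   # 5.x line: fixed in 5.2.10.099
    6: (6, 1, 10, 54),   # 6.x line: fixed in 6.1.10.054
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.1.10.054' into (6, 1, 10, 54); leading zeros are dropped."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> Optional[bool]:
    """True if below the fixed build for its line, False if at/above it,
    None if the major version is not one the advisory covers."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return None
    # Pad short strings ('6.1.10') with zeros so tuple comparison is
    # component-wise numeric, never lexical.
    if len(v) < len(fixed):
        v = v + (0,) * (len(fixed) - len(v))
    return v < fixed


# Constructed inventory: (hostname, reported product version).
INVENTORY: List[Tuple[str, str]] = [
    ("mx-gw-01", "6.1.9.120"),    # string-compares as newer, is actually older
    ("mx-gw-02", "6.1.10.054"),   # exactly the fixed build
    ("audit-02", "5.2.10.098"),   # one build below the 5.x fix
    ("lab-01", "7.0.0.001"),      # not a line the advisory covers
]


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Split hosts into those needing the update and those the advisory
    does not cover (to be checked against the vendor separately)."""
    result: Dict[str, List[str]] = {"update": [], "unknown": []}
    for host, version in inventory:
        status = is_affected(version)
        if status is None:
            result["unknown"].append(host)
        elif status:
            result["update"].append(host)
    return result


if __name__ == "__main__":
    # Demonstrates why numeric comparison matters: lexically the older
    # build sorts as newer.
    print("6.1.9.120" > "6.1.10.054", is_affected("6.1.9.120"))
    print(triage(INVENTORY))
```

Hosts landing in "unknown" are deliberately not marked safe: a major version the advisory does not list tells you nothing either way, and the right move is to ask the vendor rather than let the script clear it.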

Event Type: security
Importance: high

Affected Companies

  • Openfind (網擎資訊)

Affected Sectors

  • Cybersecurity
  • Email Security
  • Enterprise IT

Key Numbers

  • TVN ID: TVN-202604003
  • CVE-2026-6350 CVSS v3.1: 9.8 (Critical) / AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-6351 CVSS v3.1: 7.5 (High) / AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • MailGates/MailAudit 6.0 line affected: all versions earlier than 6.1.10.054 (6.1.10.054 itself is fixed)
  • MailGates/MailAudit 5.0 line affected: all versions earlier than 5.2.10.099 (5.2.10.099 itself is fixed)
  • Public disclosure date: 2026-04-16

Timeline

  1. TWCERT/CC publishes TVN-202604003 disclosing CVE-2026-6350 and CVE-2026-6351 affecting MailGates/MailAudit; fixes recommended via version updates.
