NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-29962

Summary	HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure.
Publication Date	May 19, 2026, 3:17 a.m.
Registration Date	May 19, 2026, 4:15 a.m.
Last Update	May 19, 2026, 3:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/sql3t0/cve-disclosures	cve@mitre.org
2	https://github.com/sql3t0/cve-disclosures/blob/main/01_-_CVE-2026-29962_LFI%2BPath_Traversal.md	cve@mitre.org
3	https://hsclabs.com/pt-br/mailinspector	cve@mitre.org

Common Vulnerabilities List