CVE-2026-29962

Published: May 18, 2026

Modified: May 19, 2026

PUBLISHED

Description

HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/sql3t0/cve-disclosures

https://hsclabs.com/pt-br/mailinspector

https://github.com/sql3t0/cve-disclosures/blob/main/01_-_CVE-2026-29962_LFI%2BPath_Traversal.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-29962

Description

Affected Products

References