Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Stalwart Mail Server: Crashing Email Can Freeze or Crash Server
CVE-2026-26312
Summary
The Stalwart Mail Server versions 0.13.0 to 0.15.4 can crash or freeze if an attacker sends a special type of email. This can happen when using IMAP or JMAP to access emails. Update to version 0.15.5 to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| stalw | stalwart | > 0.13.0 , <= 0.15.5 | – |
Original title
Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing mal...
Original description
Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested `message/rfc822` MIME parts via IMAP or JMAP causes excessive CPU and memory consumption, potentially leading to an out-of-memory condition and server crash. The malformed structure causes the `mail-parser` crate to produce cyclical references in its parsed representation, which Stalwart then follows indefinitely. Version 0.15.5 contains a patch.
nvd CVSS3.1
6.5
Vulnerability type
CWE-770
Allocation of Resources Without Limits
- https://github.com/stalwartlabs/stalwart/security/advisories/GHSA-jm95-876q-c9gw Vendor Advisory Exploit
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026