CVE-2026-44400: MailEnable Enterprise Premium: Unauthorized Access to Admin Tools
Summary
MailEnable Enterprise Premium 10.55 and earlier has an improper authorization issue in the WebAdmin mobile portal that lets attackers gain access to administrative tools without permission. The portal accepts AuthenticationToken cookies that were generated for low-privileged users, so a token obtained from the WebMail login endpoint can be replayed against WebAdmin to perform administrative actions. To fix this, update to the latest version of MailEnable Enterprise Premium.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| mailenable | mailenable | < 10.56 (`cpe:2.3:a:mailenable:mailenable:*:*:*:*:enterprise_premium:*:*:*`) |
Original title
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing Authe...
Original description
MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the WebMail login endpoint using the PersistentLogin parameter and replay it against the WebAdmin portal to perform highly privileged administrative actions.
nvd CVSS3.1
8.1
nvd CVSS4.0
8.7
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 8 May 2026 · Updated: 1 Jun 2026 · First seen: 8 May 2026