CVE-2026-13164 (GCVE-0-2026-13164)
Vulnerability from cvelistv5 – Published: 2026-06-24 15:37 – Updated: 2026-06-24 16:43
VLAI
Title
Unauthenticated self-registration in MailerUp allows access to stored email data
Summary
Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, because the endpoint applies the AllowAny permission with no email verification, CAPTCHA, or administrator approval. Any account created this way can read all email stored by the instance, resulting in full disclosure of stored messages to an arbitrary unauthenticated attacker
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Maalfer/mailerup/commit/99eb6d… | patch |
| https://secur0.com/en/cna/cve-list/cve-2026-13164… | technical-descriptionrelated |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T16:42:15.974524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T16:43:56.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mailerup",
"repo": "https://github.com/Maalfer/mailerup",
"vendor": "Mailerup",
"versions": [
{
"lessThan": "1.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailerup:mailerup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Rivas Quero"
},
{
"lang": "en",
"type": "finder",
"value": "Cristian Fernandez Cornejo"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mario Alvarez Fernandez"
},
{
"lang": "en",
"type": "analyst",
"value": "Xoan M. Otero Jorge"
},
{
"lang": "en",
"type": "coordinator",
"value": "Secur0 CNA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function (CWE-306) in the \u003ccode\u003eRegisterView\u003c/code\u003e (\u003ccode\u003eapps/accounts/views.py\u003c/code\u003e), exposed at \u003ccode\u003ePOST /api/auth/register/\u003c/code\u003e, in MailerUp \u0026lt;1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, because the endpoint applies the \u003ccode\u003eAllowAny\u003c/code\u003e permission with no email verification, CAPTCHA, or administrator approval. Any account created this way can read all email stored by the instance, resulting in full disclosure of stored messages to an arbitrary unauthenticated attacker"
}
],
"value": "Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp \u003c1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, because the endpoint applies the AllowAny permission with no email verification, CAPTCHA, or administrator approval. Any account created this way can read all email stored by the instance, resulting in full disclosure of stored messages to an arbitrary unauthenticated attacker"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T15:37:17.398Z",
"orgId": "4daa8cea-433a-44bd-9456-53b127fc289a",
"shortName": "Secur0"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/Maalfer/mailerup/commit/99eb6d4586134bf3f4422093fbf47d6794ef0ee5"
},
{
"tags": [
"technical-description",
"related"
],
"url": "https://secur0.com/en/cna/cve-list/cve-2026-13164-unauthenticated-self-registration-in-mailerup-allows-access-to-stored-email-data"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version greater or equal than 1.0.1"
}
],
"value": "Upgrade to version greater or equal than 1.0.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unauthenticated self-registration in MailerUp allows access to stored email data",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4daa8cea-433a-44bd-9456-53b127fc289a",
"assignerShortName": "Secur0",
"cveId": "CVE-2026-13164",
"datePublished": "2026-06-24T15:37:17.398Z",
"dateReserved": "2026-06-24T12:50:14.906Z",
"dateUpdated": "2026-06-24T16:43:56.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-13164\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-24T16:42:15.974524Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-24T16:43:43.433Z\"}}], \"cna\": {\"title\": \"Unauthenticated self-registration in MailerUp allows access to stored email data\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Dario Rivas Quero\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Cristian Fernandez Cornejo\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Mario Alvarez Fernandez\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Xoan M. Otero Jorge\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Secur0 CNA\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/Maalfer/mailerup\", \"vendor\": \"Mailerup\", \"product\": \"Mailerup\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.0.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to version greater or equal than 1.0.1\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade to version greater or equal than 1.0.1\", \"base64\": false}]}], \"references\": [{\"url\": \"https://github.com/Maalfer/mailerup/commit/99eb6d4586134bf3f4422093fbf47d6794ef0ee5\", \"tags\": [\"patch\"]}, {\"url\": \"https://secur0.com/en/cna/cve-list/cve-2026-13164-unauthenticated-self-registration-in-mailerup-allows-access-to-stored-email-data\", \"tags\": [\"technical-description\", \"related\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp \u003c1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, because the endpoint applies the AllowAny permission with no email verification, CAPTCHA, or administrator approval. Any account created this way can read all email stored by the instance, resulting in full disclosure of stored messages to an arbitrary unauthenticated attacker\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing Authentication for Critical Function (CWE-306) in the \u003ccode\u003eRegisterView\u003c/code\u003e (\u003ccode\u003eapps/accounts/views.py\u003c/code\u003e), exposed at \u003ccode\u003ePOST /api/auth/register/\u003c/code\u003e, in MailerUp \u0026lt;1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, because the endpoint applies the \u003ccode\u003eAllowAny\u003c/code\u003e permission with no email verification, CAPTCHA, or administrator approval. Any account created this way can read all email stored by the instance, resulting in full disclosure of stored messages to an arbitrary unauthenticated attacker\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing authentication for critical function\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:mailerup:mailerup:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.0.1\", \"versionStartIncluding\": \"0\"}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"4daa8cea-433a-44bd-9456-53b127fc289a\", \"shortName\": \"Secur0\", \"dateUpdated\": \"2026-06-24T15:37:17.398Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-13164\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-24T16:43:56.757Z\", \"dateReserved\": \"2026-06-24T12:50:14.906Z\", \"assignerOrgId\": \"4daa8cea-433a-44bd-9456-53b127fc289a\", \"datePublished\": \"2026-06-24T15:37:17.398Z\", \"assignerShortName\": \"Secur0\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…