CVE-2026-29963

⚠️ high

Summary

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this flaw to access arbitrary files on the underlying operating system, resulting in unauthorized disclosure of sensitive information.

CVSS Score

7.5

High

EPSS Score

0.1

Exploit Probability

Published Date

2026-05-18

First Seen: 2026-05-19

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 326,604 vulnerabilities in our database.

#101,315

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 19, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-05-19

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE IDs (Weakness Types)

CWE-22

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
hsclabs	mailinspector	Affected	v5.3.3-7

🔗 References 3

https://github.com/sql3t0/cve-disclosures

Third Party Advisory

https://github.com/sql3t0/cve-disclosures/blob/main/...

Third Party Advisory

https://hsclabs.com/pt-br/mailinspector/

Product

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-29962	⚠️ high	7.5	0.1	HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-suppli...	2026-05-18
CVE-2026-29964	🔶 medium	6.1	0.0	HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to impro...	2026-05-18
CVE-2026-29965	🔶 medium	6.1	0.0	HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to ...	2026-05-18
CVE-2024-32369	🔶 medium	4.3	2.0	SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to ob...	2024-05-07
CVE-2024-32370	⛔ critical	9.8	3.5	An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive info...	2024-05-07
CVE-2024-32371	⚠️ high	7.5	0.7	An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a regular user account to escalate their p...	2024-05-07

These CVEs affect the same products