CVE-2026-23621 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method expos…
Medium CVSS: 5.3

CVE-2026-23621

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the ListServer.IsPathExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsPathExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \"path\", which is URL-decoded and passed to Directory.Exists(), allowing the attacker to determine whether arbitrary directories exist on the server.
Vendor
Gfi
Product
Mailessentials
CWE
CWE-203
Yayın Tarihi
2026-02-19 19:22:28
Güncelleme
2026-02-20 17:21:44
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-203 Mailessentials MEDIUM Gfi 2026

Referanslar

https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases https://www.vulncheck.com/advisories/gfi-mailessentials-ai-listserver-ispathexist-absolute-directory-traversal-to-file-enumeration