CVE-2026-34752

Published: Apr 02, 2026 Last Modified: Apr 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4.

248

Uncaught Exception

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Read Application Data

Applicable Platforms

Languages: C#, C++, Java

View CWE Details

https://github.com/haraka/Haraka/releases/tag/v3.1.4

https://github.com/haraka/Haraka/security/advisories/GHSA-x…

https://github.com/haraka/Haraka/security/advisories/GHSA-xph3-r2jf-4vp3

CVE-2026-34752

Description

Uncaught Exception

Common Consequences

Applicable Platforms

Iscriviti alla newsletter