Bulwark Webmail S/MIME signature verification accepted self-signed certificates

Description

A vulnerability classified as critical has been found in bulwarkmail webmail up to 1.4.10. The affected element is an unknown function of the component SMIME Signature Verification. This manipulation causes improper certificate validation.

Affected Products

Vendor	Product	Versions
bulwarkmail	webmail	< 1.4.11

References

https://github.com/bulwarkmail/webmail/security/advisories/GHSA-v6w6-338p-p256(x_refsource_CONFIRM)

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-35389 | bulwarkmail webmail up to 1.4.10 SMIME Signature Verification certificate validation

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

1.4.11

CWECWE-295

PublishedApr 6, 2026

Last enriched2h agov2

Trending Score50

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (3)

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated severity to CRITICAL, added new description, and noted that the vulnerability is actively exploited.

descriptionseverityactivelyExploitedpatchAvailable

via VulDB

v12h ago

Initial creation