CVE-2026-41113EXPLOITEDPATCHED

sagredo · qmail

CVE-2026-41113: sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remot

Description

sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c.

Affected Products

Vendor	Product	Versions
sagredo	qmail	2024.10.26

References

Related News (2 articles)

Tier C

oss-security5h ago

CVE-2026-41113: RCE in sagredo fork of qmail

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-41113 | sagredo qmail up to 2026.04.06 qmail-remote.c tls_quit os command injection

→ No new info (linked only)

CVSS 3.18.1 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

2026.04.07

CWECWE-78

PublishedApr 16, 2026

Last enriched5h agov3

Trending Score70

Source articles3

Independent2

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

Vulnerability Timeline

CVE Published

Apr 16, 2026

Discovered by ZDM

Apr 16, 2026

Updated: severity, affectedVersions, activelyExploited

Apr 17, 2026

Updated: exploitAvailable

Apr 18, 2026

Actively Exploited

Apr 18, 2026

Exploit Available

Apr 18, 2026

Patch Available

Apr 18, 2026

Version History

Last enriched 5h ago

v3Tier C5h ago

Marked exploitAvailable as true based on new information from the article.

exploitAvailable

via oss-security

v2Tier C1d ago

Updated severity to CRITICAL, affected versions to 2026.04.06, and noted that the vulnerability is actively exploited.

severityaffectedVersionsactivelyExploited

via VulDB

v12d ago

Initial creation

CVE-2026-41113: sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remot

Description

Affected Products

References

Related News (2 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline

Version History