Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2026-38728

An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components

VectorNETWORK

PublishedMay 15, 2026, 15:16

Published Bycve@mitre.org

Base Score

Score7.5

Affected Versions

No affected versions found.

References

https://bytecreator.dev/blog/CVE-2026-38728
https://github.com/nodemailer/smtp-server
https://github.com/nodemailer/smtp-server/releases/tag/v3.18.3

Weakness Type

CWE-400

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base SeverityHigh

Version

3.1

Attack Vector (AV)

NETWORK