Synology has resolved three critical vulnerabilities in its MailPlus Server, most notably CVE-2026-13136, which has a CVSS score of 10. This vulnerability enables remote attackers to read and write files and to carry out denial-of-service attacks. The other two are CVE-2025-15660 (CVSS 9.6) and CVE-2026-13135 (CVSS 5.3), affecting adjacent systems and exposing internal services. Users are advised to update to version 4.0.1-31663 or higher to mitigate these risks, as there are no known workarounds. The flaws affect MailPlus Server on DSM versions 7.3, 7.2.2, and 7.2.1, all rated critical.
Synology MailPlus Server Patched for CVSS 10 Flaw CVE-2026-13136
Article by CyberSIXT