CVE-2026-38728 PUBLISHED

Assigner: mitre
Reserved: 06.04.2026 Published: 15.05.2026 Updated: 15.05.2026

An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://github.com/nodemailer/smtp-server
https://github.com/nodemailer/smtp-server/releases/tag/v3.18.3
https://bytecreator.dev/blog/CVE-2026-38728

Problem Types

n/a text