CVE Catalog

CVE-2026-57657

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

The Gmail SMTP plugin version 1.2.3.19 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions in the context of a logged-in administrator.

Risk Assessment

The risk involves the possibility of an attacker performing unwanted operations on the administrator's account, such as changing SMTP settings, without their knowledge or consent.

Recommendation

It is recommended to immediately update the Gmail SMTP plugin to the latest available version that fixes this vulnerability. Also consider implementing CSRF protection mechanisms such as synchronization tokens.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS