Home
Description
An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components
References
bytecreator.dev/blog/CVE-2026-38728
github.com/nodemailer/smtp-server
github.com/nodemailer/smtp-server/releases/tag/v3.18.3
bytecreator.dev/blog/CVE-2026-38728