Opensmtpd OpenBSD Opensmtpd

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in OpenBSD Opensmtpd.

Known Exploited OpenBSD Opensmtpd Vulnerabilities

The following OpenBSD Opensmtpd vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
OpenSMTPD Remote Code Execution Vulnerability smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
CVE-2020-7247 Exploit Probability: 94.1%
March 25, 2022

The vulnerability CVE-2020-7247: OpenSMTPD Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 0 vulnerabilities in OpenBSD Opensmtpd. Opensmtpd did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 9.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Opensmtpd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent OpenBSD Opensmtpd Security Vulnerabilities

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products

CVE-2020-7247 9.8 - Critical - January 29, 2020

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Shell injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Canonical Ubuntu Linux or by OpenBSD? Click the Watch button to subscribe.

OpenBSD
Vendor

subscribe