OpenBSD Opensmtpd Security Vulnerabilities in 2025

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in OpenBSD Opensmtpd.

Known Exploited OpenBSD Opensmtpd Vulnerabilities

The following OpenBSD Opensmtpd vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title	Description	Added
OpenSMTPD Remote Code Execution Vulnerability	smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. CVE-2020-7247 Exploit Probability: 94.1%	March 25, 2022

The vulnerability CVE-2020-7247: OpenSMTPD Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 0 vulnerabilities in OpenBSD Opensmtpd. Opensmtpd did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2025	0	0.00
2024	0	0.00
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	1	9.80
2019	0	0.00
2018	0	0.00

It may take a day or so for new Opensmtpd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent OpenBSD Opensmtpd Security Vulnerabilities

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products

CVE-2020-7247 9.8 - Critical - January 29, 2020

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

Shell injection