CVE-2026-23620: CWE-203 Observable Discrepancy in GFI Software MailEssentials AI
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \"path\", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.
AI Analysis
Technical Summary
CVE-2026-23620 is an arbitrary file existence enumeration vulnerability in GFI MailEssentials AI versions before 22.4. The issue exists in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist, which accepts an authenticated user's JSON input containing a 'path' key. This path is URL-decoded and passed directly to File.Exists() without restriction, allowing the user to determine if arbitrary files exist on the server filesystem. This observable discrepancy can leak information about the server's file structure. The vulnerability has a medium severity with a CVSS 4.0 score of 5.3 and requires authentication to exploit. No patch or official remediation guidance is currently available.
Potential Impact
An authenticated attacker can enumerate the existence of arbitrary files on the server running GFI MailEssentials AI prior to version 22.4. This information disclosure could facilitate further attacks by revealing sensitive file locations or confirming the presence of specific files. There is no indication of direct code execution or privilege escalation from this vulnerability alone. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected web method to trusted authenticated users only and monitor for suspicious activity. Avoid exposing the vulnerable endpoint to untrusted networks. Follow vendor communications for updates on patches or official mitigations.
CVE-2026-23620: CWE-203 Observable Discrepancy in GFI Software MailEssentials AI
Description
GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \"path\", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-23620 is an arbitrary file existence enumeration vulnerability in GFI MailEssentials AI versions before 22.4. The issue exists in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist, which accepts an authenticated user's JSON input containing a 'path' key. This path is URL-decoded and passed directly to File.Exists() without restriction, allowing the user to determine if arbitrary files exist on the server filesystem. This observable discrepancy can leak information about the server's file structure. The vulnerability has a medium severity with a CVSS 4.0 score of 5.3 and requires authentication to exploit. No patch or official remediation guidance is currently available.
Potential Impact
An authenticated attacker can enumerate the existence of arbitrary files on the server running GFI MailEssentials AI prior to version 22.4. This information disclosure could facilitate further attacks by revealing sensitive file locations or confirming the presence of specific files. There is no indication of direct code execution or privilege escalation from this vulnerability alone. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to the affected web method to trusted authenticated users only and monitor for suspicious activity. Avoid exposing the vulnerable endpoint to untrusted networks. Follow vendor communications for updates on patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-14T16:02:29.335Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69975aafd7880ec89b287cc1
Added to database: 2/19/2026, 6:47:11 PM
Last enriched: 5/14/2026, 2:08:10 AM
Last updated: 5/21/2026, 8:00:44 PM
Views: 162
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.