Critical Vulnerabilities in Synology MailPlus Server Expose Users to Attacks

First seen 2 Jul 2026, 13:29 UTC. Sources: Cybersecuritynews, Heise.De

Synology has identified multiple vulnerabilities in its MailPlus Server that could allow attackers to carry out denial-of-service (DoS) attacks, access internal services, and manipulate files. Two of them, CVE-2025-15660 and CVE-2026-13136, are rated critical with a CVSS score of 10. Users running MailPlus Server versions 4.0.1-21663 on DSM 7.2.1, 7.2.2, and 7.3 are particularly at risk. The third vulnerability, CVE-2026-13135, is classified as medium and allows access to internal services. Synology has released patches to address these vulnerabilities, and users are urged to update immediately. No ongoing attacks have been reported at this time.

Key Points:
• Two critical vulnerabilities (CVE-2025-15660, CVE-2026-13136) rated 10/10 on CVSS.
• Affected systems include MailPlus Server versions 4.0.1-21663 on DSM 7.2.1, 7.2.2, and 7.3.
• Users are strongly advised to apply patches immediately to mitigate risks.

ThreatCluster AI

Timeline

2025-01-01: CVE-2025-15660 published
Critical vulnerability allowing unauthorized file access and DoS attacks disclosed. (Source: Heise.De)

2026-06-30: Synology releases security advisory
Synology issues a critical advisory for vulnerabilities in MailPlus Server, urging users to update. (Source: Cybersecuritynews)

2026-07-02: Patches released for vulnerabilities
Synology confirms that security issues in MailPlus Server have been resolved with patches. (Source: Heise.De)
