Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN204
_____________________________________________________________________

DATE                : 23/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running IceWarp Epos versions prior to
            Update 2 14.2.0.12, Update 1 14.1.0.20, 14.0.0.18, 
                     Deep Castle versions prior to 13.0.3.13.

=====================================================================
https://support.icewarp.com/hc/en-us/articles/39702252317713-IceWarp-Security-Update
_____________________________________________________________________

 IceWarp Security Update

IceWarp Support

    February 20, 2026 11:25 Updated 

IceWarp has released a security update to address a critical
vulnerability found during our regular security audits. This
vulnerability could allow an attacker to gain unauthorised access to
the server where IceWarp is running, on both Windows and Linux
platforms.

WE URGE ALL CUSTOMERS AND PARTNERS TO BACKUP THE WHOLE SERVER
IMMEDIATELY AND UPDATE THEIR ICEWARP INSTANCE AS SOON AS POSSIBLE
TO MEET THE FOLLOWING VERSIONS:

    IceWarp Epos Update 2: Upgrade to version 14.2.0.9 or newer.
(Latest version of Update 2: 14.2.0.12)
    IceWarp Epos Update 1: Upgrade to version 14.1.0.19 or newer.
(Latest version of Update 1: 14.1.0.20)
    IceWarp Epos (1st generation): Upgrade to version 14.0.0.18 or
newer. (Latest version of Epos: 14.0.0.18)
    Deep Castle and older versions: Upgrade to version 13.0.3.13
or newer. (Latest version of Deep Castle: 13.0.3.13)

If you have any reason to downgrade your IceWarp instance, follow
these instructions:

    How to downgrade the current version to the previous main
version

If you are performing the update yourself, be sure to back up
the entire server and update versions gradually, as described
in our articles:

    Upgrade to EPOS from previous versions on Linux
    Upgrade to EPOS from previous versions on Windows

Should you have any hesitation about installing it yourself, our
Support team is here to guide you through the process — don’t
hesitate to get in touch. 

‼️Please note that you may be contacted by the state security
authorities due to the severity of this vulnerability.

‼️Customers with an expired license will receive a new SAAS
license for 1 month at no charge due to upgrade requirements.


DOWNLOAD LATEST BUILDS

    EPOS Update 2 (14.2.0.12) on RHEL9, RHEL8, and
Windows + remote admin console
    EPOS Update 1 (14.1.0.20) on RHEL9, RHEL8, RHEL7 and
Windows + remote admin console
    EPOS (14.0.0.18) on RHEL9, RHEL8, RHEL7 and
Windows + remote admin console
    Deep Castle (13.0.3.13) on RHEL8, RHEL7 and
Windows + remote admin console


FREQUENTLY ASKED QUESTIONS (FAQ)

    What happened?
    As part of our routine and regular penetration testing, we
have received a report highlighting a critical security
vulnerability. If the script used by the attackers is
appropriately crafted, it could potentially lead to a full
compromise of the server.

    Who was affected?
    Both Cloud and On-premises instances could be affected. The
patch was already deployed in the Cloud and for the On-premises
is available above via download links.

    Which IceWarp versions are affected?
    The issue affects versions from 11.0.0 up to the latest release.

    Does the vulnerability affect Windows or Linux?
    The vulnerability affects both operating systems.

    Was there any recorded case?
    No, the security of our clients has not been compromised.

    What corrective measures have been taken?
    A security patch was immediately prepared and distributed to
our partners and clients, along with instructions for the urgent
installation of the new version (On-prem). Regarding the Cloud,
this update has already been implemented across all instances.

    How will the patch be distributed?
    The patch will be distributed via KB link attached to an
email; recipients will not need to locate any additional files
or information. All required installation instructions and
supporting details will be provided in the KB.

    How do you plan to prevent such incidents in the future?
    Such incidents cannot be completely avoided; however, we
will continue to conduct regular security audits and implement
more frequent updates and patches to proactively address
potential vulnerabilities.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================