=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN684
_____________________________________________________________________

DATE                : 29/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Synology MailPlus Server for DSM
                              versions prior to 4.0.1-31663.
 
=====================================================================
https://www.synology.com/en-global/security/advisory/Synology_SA_26_11
_____________________________________________________________________

Synology-SA-26:11 Synology MailPlus Server

Publish Time: 2026-06-26 11:51:25 UTC+8

Last Updated: 2026-06-26 12:49:27 UTC+8

Severity
    Critical

Status
    Resolved

Abstract
Synology has released a security update for the Synology MailPlus
Server package in DSM to address multiple vulnerabilities:

    CVE-2026-13136 allows remote attackers to read or write
    arbitrary files and conduct denial-of-service attacks.

    CVE-2025-15660 (ZDI-CAN-28554) allows adjacent attackers
    to read or write arbitrary files and conduct denial-of-service
    attacks.

    CVE-2026-13135 (ZDI-CAN-28485) allows remote attackers to
    access internal services.

Please refer to the 'Affected Products' table for the corresponding
updates.


Affected Products

Product                                  Severity   Fixed Release Availability
Synology MailPlus Server for DSM 7.3     Critical   Upgrade to 4.0.1-31663 or above.
Synology MailPlus Server for DSM 7.2.2   Critical   Upgrade to 4.0.1-21663 or above.
Synology MailPlus Server for DSM 7.2.1   Critical   Upgrade to 4.0.1-21663 or above.

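The fixed release differs per DSM line, and a plain string comparison of
package versions ("4.0.1-9999" sorts after "4.0.1-31663" as text) gives the
wrong answer. The following is an added example, not Synology or
CERT-Renater code: it parses MailPlus Server version strings numerically and
checks an installed build against the table above. The inventory entries are
constructed sample data.

```python
# Added example: check installed MailPlus Server builds against the
# fixed releases listed in the advisory's 'Affected Products' table.
import re

# Fixed release per DSM line, copied from the advisory table.
FIXED_RELEASE = {
    "7.3": "4.0.1-31663",
    "7.2.2": "4.0.1-21663",
    "7.2.1": "4.0.1-21663",
}

# MailPlus Server package versions look like "major.minor.patch-build".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(version: str) -> tuple:
    """Turn '4.0.1-31663' into (4, 0, 1, 31663) so builds compare numerically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised MailPlus Server version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(dsm_line: str, installed: str) -> bool:
    """True when the installed package is older than the fixed release for this DSM line."""
    try:
        fixed = FIXED_RELEASE[dsm_line]
    except KeyError:
        raise ValueError(f"DSM {dsm_line} is not listed in the advisory") from None
    return parse_version(installed) < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, DSM line, installed MailPlus version).
    inventory = [
        ("nas-01", "7.3", "4.0.1-31663"),
        ("nas-02", "7.3", "4.0.1-9999"),
        ("nas-03", "7.2.2", "3.9.2-20000"),
        ("nas-04", "7.2.1", "4.0.1-21663"),
    ]
    for host, dsm, ver in inventory:
        state = "UPDATE REQUIRED" if is_vulnerable(dsm, ver) else "ok"
        print(f"{host}: DSM {dsm}, MailPlus Server {ver}: {state}")
```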

Mitigation

None

Detail

    CVE-2026-13136
        Severity: Critical
        CVSS3 Base Score: 10.0
        CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
        CWE-863: Incorrect Authorization
        ** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when announcing a new
security problem. When the candidate has been publicized, the
details for this candidate will be provided.

    CVE-2025-15660
        Severity: Critical
        CVSS3 Base Score: 9.6
        CVSS3 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
        CWE-338: Use of Cryptographically Weak Pseudo-Random Number
Generator (PRNG)
        ** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when announcing a new
security problem. When the candidate has been publicized, the details
for this candidate will be provided.

    CVE-2026-13135
        Severity: Moderate
        CVSS3 Base Score: 5.3
        CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
        CWE-923: Improper Restriction of Communication Channel to
Intended Endpoints
        ** RESERVED ** This candidate has been reserved by an
organization or individual that will use it when announcing a
new security problem. When the candidate has been publicized,
the details for this candidate will be provided.


Acknowledgement

    gcali (_gcali) working with Trend Micro Zero Day Initiative

    ABBA Labs


Reference

    CVE-2025-15660
    CVE-2026-13135
    CVE-2026-13136


Revision

Revision   Date         Description
1          2026-06-26   Initial public release.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================