216.73.217.172

CVE-2026-27492

· Published 21/02/2026 11:15 · Modified 21/02/2026 11:15

Labels: CVE-2026-27492 2026-02-21CVE-2026-27492CWE-488[email protected]

Essential information

Published
21/02/2026 11:15
Modified
21/02/2026 11:15
Author
Creator
CVSS
4.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties (such as to, subject, html, text, and attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This can cause properties from a previous send to leak into a subsequent one, potentially delivering content or recipient addresses to unintended parties. Applications sending emails to different recipients in sequence — such as transactional flows like password resets or notifications — are affected. This issue has been fixed in version 1.5.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
lettermint / lettermint node.js sdk cpe:2.3:a:lettermint:lettermint_node.js_sdk:1.5.0:*:*:*:*:*:*:*

References