[Japanese]

JVNDB-2026-000072

GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow

Overview

GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability.
  • Stack-based buffer overflow in pop3wallpasswd command (CWE-121) - CVE-2026-32661
  • This can be exploited only when the product is configured to run pop3wallpasswd with grdnwww user privilege
The developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite (On-premises version).

Canon Marketing Japan Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Canon Marketing Japan Inc. coordinated under the Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS v4 Severity
Base Metrics: 9.3 (Critical) [IPA Score]
  • Access Vector (AV): Network
  • Attack Complexity (AC): Low
  • Attack Requirements (AT): None
  • Privileges Required (PR): None
  • User Interaction (UI): None
    • Vulnerable System Impact
  • Confidentiality Impact (VC): High
  • Integrity Impact (VI): High
  • Availability Impact (VA): High
    • Subsequent System Impact
  • Confidentiality Impact (SC): None
  • Integrity Impact (SI): None
  • Availability Impact (SA): None
Affected Products


Canon Marketing Japan Inc.
  • GUARDIANWALL MailSuite (On-premises version) Ver 1.4.00 to Ver 2.4.26
  • GUARDIANWALL Mail Security Cloud (SaaS version) versions before the maintenance on April 30, 2026

Impact

If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed.
Solution

[Apply the patch]
Apply all the patches provided by the developer.

Note that, GUARDIANWALL Mail Security Cloud (SaaS version) has already been fixed with April 30, 2026 updates.

[Apply the Workaround]
The developer recommends the users to follow the workaround until applying the patch.

For more details, refer to the information provided by the developer.
Vendor Information

Canon Marketing Japan Inc.
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-32661
References

  1. JVN : JVN#35567473
Revision History

  • [2026/05/13]
      Web page was published

Date Public2026/05/13
Date First Published2026/05/13
Date Last Updated2026/05/13