External risk intelligence

GUARDIANWALL MailSuite could allow external attackers to take control of the server

GUARDIANWALL MailSuite and Mail Security Cloud could allow external attackers to run arbitrary code, potentially compromising your operational systems or granting admin access. There is currently no indication of active exploitation.

NVD published May 13, 2026 (2 days ago)

External risk briefCRITICAL

CVE-2026-32661

Halo Surface Signal

5/ 5

The affected product is an email security solution designed to process and filter external email traffic. As an email gateway, the service is inherently deployed in internet-facing configurations to communicate with external mail servers, and the vulnerable web service component is accessible to facilitate this management.

Exposure facts

CVSS

9.3

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS

0.14%

H – Horizon Alert

A security vulnerability has been identified in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud involving a stack-based buffer overflow. If an attacker sends a specially crafted request to the web service, it could potentially allow for unauthorized code execution when the system is running under specific configurations. This is a notable concern as it could enable an external party to run arbitrary code within the environment, potentially compromising the integrity of the affected mail services.

A – Asset Exposure

This issue impacts the web service components within GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud. Because these solutions are designed to manage email traffic, they are typically deployed in internet-facing configurations, which may allow external attackers to interact with the affected service. A successful compromise could result in unauthorized admin access or the execution of arbitrary commands within your operational systems.

L – Live Threat

We have reviewed the reported buffer overflow vulnerability affecting certain email security configurations. At this time, the available context does not indicate active exploitation or observed targeting by external actors. Consequently, there are no immediate indicators of heightened risk or weaponization associated with this issue.

O – Operational Fix

Please have your security team verify whether your organization utilizes GUARDIANWALL MailSuite or the Mail Security Cloud service. We recommend reviewing the official guidance from Canon IT Solutions to determine if your current configuration—specifically regarding the `pop3wallpasswd` feature—requires attention. Prioritizing this validation will help your team ensure your systems are protected in accordance with vendor recommendations.