CVE-2022-4055

freedesktop / xdg-utils

Description

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.

Scoring

CVSS: 7.4
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
EPSS: 0.65% probability of exploitation · percentile 46.4% · 2026-06-19T12:03:05Z
Last modified: 2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.