HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization, or path restriction. This allows a remote attacker to exploit Path Traversal techniques to read arbitrary files from the underlying operating system and application directories, leading to sensitive information disclosure.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
HSC MailInspector v5.3.3-7 contains a critical Local File Inclusion (LFI) vulnerability in its /vendor/phpunit/phpunit.php endpoint that fails to properly validate user-supplied file paths. This CWE-73 weakness allows remote attackers to traverse directory structures and read arbitrary files from the system without authentication, potentially exposing sensitive application configurations, credentials, source code, and system files. The vulnerability affects organizations using vulnerable versions of MailInspector for email security and inspection, creating a direct pathway for information disclosure that could enable further attacks.
While this CVE does not map directly to MITRE ATT&CK techniques in the current dataset, Casky's Claude-powered analysis would detect the attack patterns associated with this vulnerability through reconnaissance and discovery behaviors. Practitioners using Casky would identify suspicious patterns including: repeated requests to the /vendor/phpunit/ endpoint with path traversal sequences (../ or encoded variants), parameter fuzzing attempting to access sensitive files like /etc/passwd or application configuration files, and behavioral indicators of file enumeration. The platform's extended reasoning capability would correlate these request patterns with known exploitation signatures, flagging attempts to abuse poorly-protected legacy endpoints and alerting teams to potential information disclosure in progress before sensitive data is exfiltrated.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-29962. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation