Critical RCE Vulnerability Discovered in Canon’s GUARDIANWALL MailSuite
A severe security flaw in Canon’s GUARDIANWALL MailSuite has been identified, exposing corporate email infrastructure to remote code execution (RCE) attacks. Tracked as JVN#35567473, the vulnerability stems from a stack-based buffer overflow in the pop3wallpasswd command, allowing threat actors to execute arbitrary code on affected systems.
By sending a maliciously crafted request, attackers can overflow a memory buffer, corrupt adjacent memory, and gain unauthorized control over the web service. Successful exploitation could lead to data breaches, system manipulation, or full server compromise without requiring valid credentials.
The flaw affects GUARDIANWALL MailSuite versions 1.4.00 through 2.4.26, while earlier versions (pre-1.4.00) and legacy editions (7.x and 8.x) remain unaffected. Canon has released an urgent security patch for impacted systems, with administrators advised to apply it immediately.
For organizations unable to patch immediately, a temporary workaround involves disabling the MailSuite administration screen by stopping the grdn-wgw-work process on the WGW worker server. The service can be restored after patching.
Security teams are urged to audit their deployments to assess exposure and prioritize remediation.
Source: https://cybersecuritynews.com/canon-mailsuite-vulnerability/
Canon TPRM report: https://www.rankiteo.com/company/canon-inc-
"id": "can1778783265",
"linkid": "canon-inc-",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Technology/Software',
'name': 'Canon',
'type': 'Corporation'}],
'attack_vector': 'Maliciously crafted request to the `pop3wallpasswd` command',
'description': 'A severe security flaw in Canon’s GUARDIANWALL MailSuite has '
'been identified, exposing corporate email infrastructure to '
'remote code execution (RCE) attacks. Tracked as JVN#35567473, '
'the vulnerability stems from a stack-based buffer overflow in '
'the `pop3wallpasswd` command, allowing threat actors to '
'execute arbitrary code on affected systems. Successful '
'exploitation could lead to data breaches, system '
'manipulation, or full server compromise without requiring '
'valid credentials.',
'impact': {'data_compromised': 'Potential data breaches',
'operational_impact': 'System manipulation or full server '
'compromise',
'systems_affected': 'GUARDIANWALL MailSuite versions 1.4.00 '
'through 2.4.26'},
'post_incident_analysis': {'corrective_actions': 'Apply security patch and '
'disable vulnerable service '
'temporarily if patching is '
'delayed',
'root_causes': 'Stack-based buffer overflow in the '
'`pop3wallpasswd` command'},
'recommendations': 'Audit deployments to assess exposure and prioritize '
'remediation. Apply the security patch immediately.',
'references': [{'source': 'JVN'}],
'response': {'containment_measures': 'Disable MailSuite administration screen '
'by stopping the `grdn-wgw-work` process '
'on the WGW worker server (temporary '
'workaround)',
'recovery_measures': 'Restore service after patching',
'remediation_measures': 'Apply urgent security patch released by '
'Canon'},
'title': 'Critical RCE Vulnerability Discovered in Canon’s GUARDIANWALL '
'MailSuite',
'type': 'Remote Code Execution (RCE)',
'vulnerability_exploited': 'Stack-based buffer overflow (JVN#35567473)'}