Changeflow GovPing Data Privacy & Cybersecurity Synology Mail Station Vulnerability Advisory
Priority review Notice Added Final

Synology Mail Station Vulnerability Advisory

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published April 3rd, 2026
Detected April 3rd, 2026
Email

Summary

CERT-FR issued a security advisory warning of a vulnerability in Synology Mail Station (versions prior to 30000001.3.19-20332 for DSM). The vulnerability, tracked as CVE-2026-5129, allows attackers to compromise data confidentiality and integrity. Users are advised to apply the vendor patch referenced in Synology security advisory Synology_SA_26_04.

View original document View source feed page

What changed

CERT-FR published advisory CERTFR-2026-AVI-0393 disclosing a vulnerability in Synology Mail Station affecting versions before 30000001.3.19-20332 for DSM. The vulnerability (CVE-2026-5129) allows attackers to cause data confidentiality breaches and data integrity violations. The source is Synology security advisory SynologySA26_04 dated March 31, 2026.

Organizations running affected Synology Mail Station versions should immediately verify their current software version, download the security patch from Synology's advisory page, and apply it without delay. Failure to patch could expose email communications and stored data to unauthorized access or tampering. No compliance deadline or penalty structure is specified, but immediate action is warranted given the confidentiality and integrity risks.

What to do next

  1. Identify all Synology Mail Station installations and verify current version against affected versions (prior to 30000001.3.19-20332 for DSM)
  2. Download and apply the security patch from Synology advisory Synology_SA_26_04
  3. Monitor CVE-2026-5129 for any updated severity ratings or additional mitigation guidance

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 03 avril 2026 N° CERTFR-2026-AVI-0393 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Vulnérabilité dans Synology Mail Station

Gestion du document

| Référence | CERTFR-2026-AVI-0393 |
| Titre | Vulnérabilité dans Synology Mail Station |
| Date de la première version | 03 avril 2026 |
| Date de la dernière version | 03 avril 2026 |
| Source(s) | Bulletin de sécurité Synology SynologySA26_04 du 31 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à l'intégrité des données
  • Atteinte à la confidentialité des données

Systèmes affectés

  • Mail Station versions antérieures à 30000001.3.19-20332 pour DSM

Résumé

Une vulnérabilité a été découverte dans Synology Mail Station. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 03 avril 2026 Version initiale

Named provisions

Vulnérabilité dans Synology Mail Station Risques Systèmes affectés Solutions Documentation

Related changes

Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in VMware Tanzu MySQL Kubernetes
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple IBM Vulnerabilities Data Integrity Confidentiality Risks
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Microsoft Edge Multiple Security Vulnerabilities Advisory
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cssf.lu Active Supply Chain Attack Targeting Axios NPM
Urgent Apr 04, 2026 CSSF News Banking & Finance
Favicon for www.oig.dot.gov FAA High-Impact System Security Gaps in National Airspace
Priority review Apr 03, 2026 DOT OIG Reports Transportation
Favicon for www.enisa.europa.eu EU Digital Wallet Certification Scheme Public Consultation
Priority review Apr 03, 2026 ENISA News Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
April 3rd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
CERTFR-2026-AVI-0393

Who this affects

Applies to
Technology companies Government agencies
Industry sector
3341 Computer & Electronics Manufacturing 5112 Software & Technology 5182 Data Processing & Hosting
Activity scope
Vulnerability Disclosure Patch Management
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
Compliance
Topics
Data Privacy Technology

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 43 Courts & Legal 358 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Government & Legislation 274 Healthcare 135 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal & Courts 1 medical-board 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.