diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 8eeaf717412d..b41c5aaddc65 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,54 +1,86 @@
+  <vuln vid="df33c83b-eb4f-11f0-a46f-0897988a1c07">
+    <topic>mail/mailpit -- Server-Side Request Forgery</topic>
+    <affects>
+<package>
+<name>mailpit</name>
+<range><lt>1.28.1</lt></range>
+</package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Mailpit author reports:</p>
+	<blockquote cite="https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr">
+	  <p>A Server-Side Request Forgery (SSRF) vulnerability
+	  exists in Mailpit's /proxy endpoint that allows attackers
+	  to make requests to internal network resources.</p>
+	  <p>The /proxy endpoint allows requests to internal network
+	  resources. While it validates http:// and https:// schemes,
+	  it does not block internal IP addresses, allowing attackers
+	  to access internal services and APIs.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-21859</cvename>
+      <url>https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr</url>
+    </references>
+    <dates>
+      <discovery>2026-01-06</discovery>
+      <entry>2026-01-06</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="e2cd20fd-eb10-11f0-a1c0-0050569f0b83">
     <topic>net-mgmt/net-snmp -- Remote Code Execution (snmptrapd)</topic>
     <affects>
 <package>
 <name>net-snmp</name>
 <range><lt>5.9.5</lt></range>
 </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>net-snmp development team reports:</p>
 	<blockquote cite="https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq">
 	  <p>A specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and
 	   the daemon to crash.</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2025-68615</cvename>
       <url>https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq</url>
     </references>
     <dates>
       <discovery>2025-12-23</discovery>
       <entry>2026-01-06</entry>
     </dates>
   </vuln>
 
   <vuln vid="500cc49c-e93b-11f0-b8d8-4ccc6adda413">
     <topic>gstreamer1-plugins-bad -- Out-of-bounds reads in MIDI parser</topic>
     <affects>
 <package>
 <name>gstreamer1-plugins-bad</name>
 <range><lt>1.26.10</lt></range>
 </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>The GStreamer Security Center reports:</p>
 	<blockquote cite="https://gstreamer.freedesktop.org/security/sa-2025-0009.html">
 	  <p>Multiple out-of-bounds reads in the MIDI parser that can cause
 	  crashes for certain input files.</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2025-67326</cvename>
       <cvename>CVE-2025-67327</cvename>
       <url>https://gstreamer.freedesktop.org/security/sa-2025-0009.html</url>
     </references>
     <dates>
       <discovery>2025-12-27</discovery>
       <entry>2026-01-04</entry>
     </dates>
   </vuln>