A vulnerability was found in Nodemailer smtp_server up to 3.18.2 and classified as problematic . This impacts the function SMTPStream._write in the library lib/smtp-stream.js . Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2026-38728 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.