A vulnerability labeled as critical has been found in bulwarkmail webmail up to 1.4.9 . This affects the function verifyIdentity of the component Setting Handler . Such manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2026-34834 . The attack can be launched remotely. No exploit exists. The affected component should be upgraded.