GUARDIANWALL is a mail security gateway — the component that screens incoming and outgoing email for an organization. A full compromise of this system means an attacker controls the gateway that employees and the business trust to filter malicious content, which can be used to suppress security alerts, exfiltrate email content, or pivot deeper into the network. Because no login is required to trigger the attack, any organization with this product exposed to the internet is at risk without any warning or user mistake. For organizations in regulated industries, compromise of the mail gateway creates significant risk of data exposure and potential notification obligations.
You Are Affected If
You run Canon Marketing Japan Inc. GUARDIANWALL MailSuite in your on-premises environment
You use GUARDIANWALL Mail Security Cloud (the SaaS version) for email filtering
The GUARDIANWALL web service component is accessible from the internet or from untrusted network segments
You have not yet applied Canon Marketing Japan's patch for CVE-2026-32661
The product is configured to execute pop3wallpasswd under grdnwww user privileges (the condition required for arbitrary code execution)
Board Talking Points
A confirmed, actively exploited critical vulnerability in our email security gateway allows an external attacker to take full control of the system with no login required.
Security teams should apply Canon Marketing Japan's patch within 24 hours of availability and restrict external access to the affected component immediately.
If this vulnerability is not addressed, attackers could compromise the system that protects all organizational email, with potential for data theft, operational disruption, and regulatory exposure.
GDPR — mail security gateway compromise may expose personal data processed through organizational email, triggering breach assessment and potential notification obligations
HIPAA — organizations using GUARDIANWALL to process email containing protected health information face potential breach notification requirements if the gateway is compromised
