CVE-2026-42258

Published: May 20, 2026
Last modified: May 21, 2026

Description

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Symbol arguments passed to IMAP commands are vulnerable to CRLF injection / IMAP command injection. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

Severity score breakdown

| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | HIGH |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L |

Status

| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 25 LTS | ruby-net-imap | Fixed (0.5.14-r0) |
| Alpaquita Linux | Stream | ruby-net-imap | Fixed (0.5.14-r0) |

References
