CVE-2026-42258 - CERT CVE
ID CVE-2026-42258
Sažetak Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
Reference
CVSS
Base: 5.3
Impact: 4.2
Exploitability:1.0
Pristup
VektorSloženostAutentikacija
LOCAL HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
NONE HIGH LOW
CVSS vektor CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Zadnje važnije ažuriranje 13-07-2026 - 13:16
Objavljeno 09-05-2026 - 20:16