CVE-2026-42258

MEDIUM SEVERITY

Vulnerability Description

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

Vulnerability Details

Published Date

May 04, 2026

Last Modified

May 09, 2026

CWE ID

CWE-77

Source

GitHub

Vendor

rubygems

Product

net-imap

External References

https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px
https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b
https://github.com/ruby/net-imap/commit/9db3e9d60bfb8f3735ea95015bf8a700f4af9cbb
https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71
https://github.com/ruby/net-imap/releases/tag/v0.4.24
https://github.com/ruby/net-imap/releases/tag/v0.5.14
https://github.com/ruby/net-imap/releases/tag/v0.6.4
https://github.com/advisories/GHSA-75xq-5h9v-w6px

CVE-2026-42258

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment