Ruby Net::IMAP allows malicious IMAP commands
DEBIAN-CVE-2026-42258
Summary
Net::IMAP, a Ruby library for accessing email, had a security issue that allowed attackers to inject malicious commands. This has been fixed in newer versions. If you're using an older version, update to the latest version to stay secure.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:11 | debian | ruby2.7 | All versions |
| Debian:12 | debian | ruby3.1 | All versions |
| Debian:13 | debian | ruby3.3 | All versions |
| Debian:14 | debian | ruby3.3 | All versions |
Original title
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injecti...
Original description
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
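A check a maintainer could run against the fixed releases listed above, together with an allowlist for values that end up as Symbol arguments. This is an added example, not code from Net::IMAP or from this advisory; the method names, the `FLAG_NAME` pattern and the assumption that Symbol arguments are flag-style names such as `:Seen` are illustrative.

```ruby
require "rubygems"

# Fixed releases named in the advisory text, one per release branch.
FIXED_RELEASES = %w[0.4.24 0.5.14 0.6.4].map { |v| Gem::Version.new(v) }.freeze

# True when +version+ is at or past the fixed release of its own branch.
# Branches older than 0.4 have no fixed release listed, so they count as affected.
def net_imap_patched?(version)
  v = Gem::Version.new(version)
  return true if v >= FIXED_RELEASES.last

  branch_fix = FIXED_RELEASES.find { |f| f.segments.first(2) == v.segments.first(2) }
  !branch_fix.nil? && v >= branch_fix
end

# Versions of the net-imap gem visible to this Ruby, newest first.
def installed_net_imap_versions
  Gem::Specification.find_all_by_name("net-imap").map(&:version).sort.reverse
end

# Assumed allowlist for flag-style names: letters, digits, "_", "$" and "-".
# \A and \z anchor the whole string, so an embedded CR or LF can never match.
FLAG_NAME = /\A[A-Za-z0-9_$-]+\z/

# Hypothetical guard: convert untrusted text to a Symbol only when it is a plain
# flag name, so no line break can reach an IMAP command through a Symbol argument.
def checked_flag_symbol(name)
  text = name.to_s
  raise ArgumentError, "unsafe IMAP flag name: #{text.inspect}" unless text.match?(FLAG_NAME)

  text.to_sym
end

if __FILE__ == $PROGRAM_NAME
  versions = installed_net_imap_versions
  puts "net-imap gem not found" if versions.empty?
  versions.each do |v|
    puts "net-imap #{v}: #{net_imap_patched?(v.to_s) ? 'fixed release' : 'affected release'}"
  end
end
```

A distribution package can carry a backported fix without changing the gem version, so on Debian an "affected release" result is a prompt to check the tracker entry rather than a final verdict.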
osv CVSS 4.0: 7.1
- https://security-tracker.debian.org/tracker/CVE-2026-42258 Vendor Advisory
Published: 9 May 2026 · Updated: 19 May 2026 · First seen: 16 May 2026