Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-47240 (GCVE-0-2026-47240)
Vulnerability from cvelistv5 – Published: 2026-06-22 20:17 – Updated: 2026-06-23 15:06| URL | Tags |
|---|---|
| https://github.com/ruby/net-imap/security/advisor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T14:52:09.927243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:06:33.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "net-imap",
"vendor": "ruby",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.6.0, \u003c 0.6.4.1"
},
{
"status": "affected",
"version": "\u003c 0.5.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \"raw data\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the \"+}\\r\\n\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T20:17:15.376Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
}
],
"source": {
"advisory": "GHSA-8p34-64r3-mwg8",
"discovery": "UNKNOWN"
},
"title": "Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47240",
"datePublished": "2026-06-22T20:17:15.376Z",
"dateReserved": "2026-05-18T22:54:18.272Z",
"dateUpdated": "2026-06-23T15:06:33.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-47240",
"date": "2026-07-16",
"epss": "0.00491",
"percentile": "0.38918"
},
"microsoft_vex": {
"current_release_date": "2026-06-27T01:09:36.000Z",
"cve": "CVE-2026-47240",
"id": "msrc_CVE-2026-47240",
"initial_release_date": "2026-06-02T00:00:00.000Z",
"product_status:known_affected": "1",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-47240.json",
"version": "1"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-47240\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-22T21:16:24.543\",\"lastModified\":\"2026-06-23T16:16:59.780\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \\\"raw data\\\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the \\\"+}\\\\r\\\\n\\\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"ruby\",\"product\":\"net-imap\",\"versions\":[{\"version\":\"\u003e= 0.6.0, \u003c 0.6.4.1\",\"status\":\"affected\"},{\"version\":\"\u003c 0.5.15\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-23T14:52:09.927243Z\",\"id\":\"CVE-2026-47240\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"},{\"lang\":\"en\",\"value\":\"CWE-93\"}]}],\"references\":[{\"url\":\"https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8\",\"source\":\"security-advisories@github.com\"}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-15T21:43:19+00:00",
"cve": "CVE-2026-47240",
"id": "CVE-2026-47240",
"initial_release_date": "2026-06-22T20:17:15.376000+00:00",
"product_status:fixed": "8",
"product_status:known_affected": "124",
"product_status:known_not_affected": "10",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "net-imap: Net::IMAP: Command injection via non-synchronizing literals",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47240.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-47240\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-23T14:52:09.927243Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-23T14:52:19.448Z\"}}], \"cna\": {\"title\": \"Net::IMAP: Command Injection via non-synchronizing literal in \\\"raw\\\" argument\", \"source\": {\"advisory\": \"GHSA-8p34-64r3-mwg8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ruby\", \"product\": \"net-imap\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.6.0, \u003c 0.6.4.1\"}, {\"status\": \"affected\", \"version\": \"\u003c 0.5.15\"}]}], \"references\": [{\"url\": \"https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8\", \"name\": \"https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \\\"raw data\\\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the \\\"+}\\\\r\\\\n\\\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-93\", \"description\": \"CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-22T20:17:15.376Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-47240\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-23T15:06:33.819Z\", \"dateReserved\": \"2026-05-18T22:54:18.272Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-22T20:17:15.376Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-47240
Vulnerability from fkie_nvd - Published: 2026-06-22 21:16 - Updated: 2026-06-23 16:16| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"product": "net-imap",
"vendor": "ruby",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.6.0, \u003c 0.6.4.1"
},
{
"status": "affected",
"version": "\u003c 0.5.15"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \"raw data\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the \"+}\\r\\n\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15."
}
],
"id": "CVE-2026-47240",
"lastModified": "2026-06-23T16:16:59.780",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-47240",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T14:52:09.927243Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-22T21:16:24.543",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-93"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-8P34-64R3-MWG8
Vulnerability from github – Published: 2026-06-09 18:36 – Updated: 2026-07-06 22:53Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals.
Details
Raw data arguments support embedded literal values, both synchronizing and non-synchronizing. Non-synchronizing literals can only be safely sent when the server advertises any of the LITERAL+, LITERAL-, or IMAP4rev2 capabilities. But raw data arguments do not verify server support for non-synchronizing literals prior to sending.
Servers without support for non-synchronizing literals could handle them in several different ways: If a server sees a "}\r\n" byte sequence but can't parse the literal bytesize, it may cautiously decide to close the connection, blocking any command injection attacks. However, a server without support for non-synchronizing literals may instead interpret the "+}\r\n" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed.
This affects the following commands' string arguments:
* criteria for #search and #uid_search
* search_keys for #sort, #thread, #uid_sort, and #uid_thread
* attr for #fetch and #uid_fetch
Prior to net-imap v0.6.4, v0.5.14, and v0.4.24, raw data arguments were not validated in any way, so they were also vulnerable to this attack. See CVE-2026-42257 (GHSA-hm49-wcqc-g2xg).
Impact
Fortunately, LITERAL- is supported by most modern IMAP servers. Even without support for non-synchronizing literals, cautious servers may handle invalid literal bytesize by closing the connection . However, servers which handle a non-synchronizing literal just like any other malformed command will enable this vulnerability.
If a developer passes an unvalidated user-controlled input for one of these method arguments, an attacker can append CRLF sequence followed by a new IMAP command (like DELETE mailbox). Although this does not directly enable data exfiltration, it could be combined with other attack vectors or knowledge of the target system's attributes, e.g.: shared mail folders or the application's installed response handlers.
Mitigation
Update to a version of net-imap which validates server support for non-synchronizing literals before sending them.
If upgrading net-imap is not possible:
* Explicitly validate user-controlled inputs to prevent embedded non-synchronizing literals unless the server supports them.
* For a simpler, more cautious approach: all embedded literals can be unconditionally prohibited, by checking that string inputs do not contain any CR or LF bytes.
* Verify that the server advertises any of the LITERAL+, LITERAL-, or IMAP4rev2 capabilities before using untrusted string inputs for the affected "raw data" arguments.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.6.4"
},
"package": {
"ecosystem": "RubyGems",
"name": "net-imap"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.0"
},
{
"fixed": "0.6.4.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.5.14"
},
"package": {
"ecosystem": "RubyGems",
"name": "net-imap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47240"
],
"database_specific": {
"cwe_ids": [
"CWE-77",
"CWE-93"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-09T18:36:04Z",
"nvd_published_at": "2026-06-22T21:16:24Z",
"severity": "MODERATE"
},
"details": "Several Net::IMAP commands accept a \"raw data\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals.\n\n### Details\n\nRaw data arguments support embedded literal values, both synchronizing and non-synchronizing. Non-synchronizing literals can only be safely sent when the server advertises any of the `LITERAL+`, `LITERAL-`, or `IMAP4rev2` capabilities. But raw data arguments do not verify server support for non-synchronizing literals prior to sending.\n\nServers without support for non-synchronizing literals could handle them in several different ways: If a server sees a `\"}\\r\\n\"` byte sequence but can\u0027t parse the literal bytesize, it _may_ cautiously decide to close the connection, blocking any command injection attacks. However, a server without support for non-synchronizing literals may instead interpret the `\"+}\\r\\n\"` as the end of a malformed command line and respond with a tagged `BAD`. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed.\n\nThis affects the following commands\u0027 string arguments:\n* `criteria` for `#search` and `#uid_search`\n* `search_keys` for `#sort`, `#thread`, `#uid_sort`, and `#uid_thread`\n* `attr` for `#fetch` and `#uid_fetch`\n\nPrior to `net-imap` v0.6.4, v0.5.14, and v0.4.24, raw data arguments were not validated in _any_ way, so they were also vulnerable to this attack. See CVE-2026-42257 (GHSA-hm49-wcqc-g2xg).\n\n### Impact\n\nFortunately, `LITERAL-` is supported by most modern IMAP servers. Even without support for non-synchronizing literals, cautious servers may handle invalid literal bytesize by closing the connection . However, servers which handle a non-synchronizing literal just like any other malformed command will enable this vulnerability.\n\nIf a developer passes an unvalidated user-controlled input for one of these method arguments, an attacker can append CRLF sequence followed by a new IMAP command (like DELETE mailbox). Although this does not directly enable data exfiltration, it could be combined with other attack vectors or knowledge of the target system\u0027s attributes, e.g.: shared mail folders or the application\u0027s installed response handlers.\n\n### Mitigation\n\nUpdate to a version of `net-imap` which validates server support for non-synchronizing literals before sending them.\n\nIf upgrading `net-imap` is not possible:\n* Explicitly validate user-controlled inputs to prevent embedded non-synchronizing literals unless the server supports them.\n* For a simpler, more cautious approach: all embedded literals can be unconditionally prohibited, by checking that string inputs do not contain any CR or LF bytes.\n* Verify that the server advertises any of the `LITERAL+`, `LITERAL-`, or `IMAP4rev2` capabilities before using untrusted string inputs for the affected \"raw data\" arguments.",
"id": "GHSA-8p34-64r3-mwg8",
"modified": "2026-07-06T22:53:42Z",
"published": "2026-06-09T18:36:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47240"
},
{
"type": "PACKAGE",
"url": "https://github.com/ruby/net-imap"
},
{
"type": "WEB",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4.1"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/net-imap/CVE-2026-47240.yml"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47240"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument"
}
MSRC_CVE-2026-47240
Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-27 01:09| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
None Available
|
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-47240.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument",
"tracking": {
"current_release_date": "2026-06-27T01:09:36.000Z",
"generator": {
"date": "2026-06-28T07:10:57.312Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-47240",
"initial_release_date": "2026-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-06-27T01:09:36.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 ruby 0:3.3.5-8.azl3",
"product": {
"name": "azl3 ruby 0:3.3.5-8.azl3",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "ruby"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 ruby 0:3.3.5-8.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47240",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-47240.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-06-27T01:09:36.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
}
],
"title": "Net::IMAP: Command Injection via non-synchronizing literal in \"raw\" argument"
}
]
}
RHSA-2026:33551
Vulnerability from csaf_redhat - Published: 2026-06-30 14:25 - Updated: 2026-07-15 21:43A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the `Net::IMAP::ResponseReader` when processing large responses containing numerous string literals. This can lead to the client's CPU being exhausted, resulting in a denial of service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 (Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256) authentication by sending an excessively large iteration count value. This can lead to a computational denial-of-service attack, causing the client process to become unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is possible when an IMAP server does not support non-synchronizing literals, leading to the misinterpretation of data as new commands. This command injection could enable unauthorized actions on the IMAP server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol (IMAP). This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled input, is not properly validated, it can force subsequent commands to be absorbed, leading to a hung connection and preventing further processing until the connection is closed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby4-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nruby4.0:\n * ruby4.0-4.0.0-33.4.hum1 (aarch64, x86_64)\n * ruby4.0-bundled-gems-4.0.0-33.4.hum1 (aarch64, x86_64)\n * ruby4.0-default-gems-4.0.0-33.4.hum1 (noarch)\n * ruby4.0-devel-4.0.0-33.4.hum1 (aarch64, x86_64)\n * ruby4.0-doc-4.0.0-33.4.hum1 (noarch)\n * ruby4.0-libs-4.0.0-33.4.hum1 (aarch64, x86_64)\n * rubygem4.0-bigdecimal-4.0.1-33.4.hum1 (aarch64, x86_64)\n * rubygem4.0-bundler-4.0.3-33.4.hum1 (noarch)\n * rubygem4.0-devel-4.0.3-33.4.hum1 (noarch)\n * rubygem4.0-io-console-0.8.2-33.4.hum1 (aarch64, x86_64)\n * rubygem4.0-irb-1.16.0-33.4.hum1 (noarch)\n * rubygem4.0-json-2.18.0-33.4.hum1 (aarch64, x86_64)\n * rubygem4.0-minitest-6.0.0-33.4.hum1 (noarch)\n * rubygem4.0-power_assert-3.0.1-33.4.hum1 (noarch)\n * rubygem4.0-psych-5.3.1-33.4.hum1 (aarch64, x86_64)\n * rubygem4.0-racc-1.8.1-33.4.hum1 (aarch64, x86_64)\n * rubygem4.0-rake-13.3.1-33.4.hum1 (noarch)\n * rubygem4.0-rbs-3.10.0-33.4.hum1 (aarch64, x86_64)\n * rubygem4.0-rdoc-7.0.3-33.4.hum1 (noarch)\n * rubygem4.0-rexml-3.4.4-33.4.hum1 (noarch)\n * rubygem4.0-rss-0.3.2-33.4.hum1 (noarch)\n * rubygem4.0-rubygems-4.0.3-33.4.hum1 (noarch)\n * rubygem4.0-test-unit-3.7.5-33.4.hum1 (noarch)\n * rubygem4.0-typeprof-0.31.1-33.4.hum1 (noarch)\n * ruby4.0-4.0.0-33.4.hum1.src (src)\n\nSecurity Fix(es):\n\nruby4.0:\n * CVE-2026-42245\n * CVE-2026-42246\n * CVE-2026-42256\n * CVE-2026-47240\n * CVE-2026-47242",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33551",
"url": "https://access.redhat.com/errata/RHSA-2026:33551"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42245",
"url": "https://access.redhat.com/security/cve/CVE-2026-42245"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42246",
"url": "https://access.redhat.com/security/cve/CVE-2026-42246"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42256",
"url": "https://access.redhat.com/security/cve/CVE-2026-42256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47240",
"url": "https://access.redhat.com/security/cve/CVE-2026-47240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47242",
"url": "https://access.redhat.com/security/cve/CVE-2026-47242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47241",
"url": "https://access.redhat.com/security/cve/CVE-2026-47241"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33551.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update",
"tracking": {
"current_release_date": "2026-07-15T21:43:19+00:00",
"generator": {
"date": "2026-07-15T21:43:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:33551",
"initial_release_date": "2026-06-30T14:25:13+00:00",
"revision_history": [
{
"date": "2026-06-30T14:25:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-03T13:26:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-15T21:43:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@aarch64",
"product": {
"name": "ruby4-0-main@aarch64",
"product_id": "ruby4-0-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.0-33.4.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@src",
"product": {
"name": "ruby4-0-main@src",
"product_id": "ruby4-0-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.0-33.4.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@x86_64",
"product": {
"name": "ruby4-0-main@x86_64",
"product_id": "ruby4-0-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0@4.0.0-33.4.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby4-0-main@noarch",
"product": {
"name": "ruby4-0-main@noarch",
"product_id": "ruby4-0-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby4.0-default-gems@4.0.0-33.4.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@aarch64"
},
"product_reference": "ruby4-0-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@noarch"
},
"product_reference": "ruby4-0-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@src"
},
"product_reference": "ruby4-0-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby4-0-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby4-0-main@x86_64"
},
"product_reference": "ruby4-0-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42245",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-09T20:00:52.314743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the `Net::IMAP::ResponseReader` when processing large responses containing numerous string literals. This can lead to the client\u0027s CPU being exhausted, resulting in a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has rated this flaw as Moderate because a malicious IMAP server can trigger excessive CPU consumption in applications using the affected Net::IMAP library, resulting in a denial-of-service condition. Successful exploitation requires interaction with a hostile server, and the impact is limited to resource exhaustion of the affected client process. The vulnerability does not allow code execution, privilege escalation, or unauthorized access to data, reducing the overall security impact despite the potential availability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42245"
},
{
"category": "external",
"summary": "RHBZ#2468495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42245"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96",
"url": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda",
"url": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819",
"url": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw"
}
],
"release_date": "2026-05-09T19:37:08.905000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T14:25:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33551"
},
{
"category": "workaround",
"details": "To reduce the risk of a denial of service, ensure that applications using the Net::IMAP library are configured to connect exclusively to trusted IMAP servers. Avoid connecting to untrusted or unverified IMAP services, as a hostile server can exploit this vulnerability. This operational control helps prevent exposure to malicious IMAP response processing.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses"
},
{
"cve": "CVE-2026-42246",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-05-09T20:01:04.782096+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects the STARTTLS functionality in the Ruby net-imap library. Red Hat Product Security has assessed this issue as an Important severity vulnerability.\n\nAttack Complexity is considered High (AC:H), because successful exploitation requires an attacker capable of intercepting and modifying network traffic and successfully winning a timing race during the STARTTLS negotiation process.\n\nThis may allow exposure of authentication credentials, email contents, and other sensitive information, as well as unauthorized modification of data transmitted over the affected connection.\n\n```\n\nRed Hat\u0027s ruby packages distribute net-imap as a default bundled gem, the ruby package itself is listed affected. Applications relying on the system-provided Ruby installation to handle IMAP connections may be exposed to this flaw.\n\nRed Hat 3scale API Management uses net-imap which is a transitive dependency of mail, which is a dependency of actionmailer and actionmailbox. The images doesn\u2019t load them or use them in any way, hence, they are not affected.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42246"
},
{
"category": "external",
"summary": "RHBZ#2468499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42246"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618",
"url": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e",
"url": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c",
"url": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da",
"url": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.3.10",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.3.10"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"
}
],
"release_date": "2026-05-09T19:33:17.880000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T14:25:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33551"
},
{
"category": "workaround",
"details": "As a temporary workaround, Users are strongly encouraged to switch from explicit TLS upgrading mechanisms (STARTTLS on port 143) to Implicit TLS connections (such as IMAPS on port 993).\n\nBy enforcing implicit TLS via port 993 from the initial socket creation step, the connection is mathematically protected against packet injection and connection degradation tactics entirely, bypassing the vulnerable implementation path.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS"
},
{
"cve": "CVE-2026-42256",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-09T20:01:08.343909+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468500"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 (Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256) authentication by sending an excessively large iteration count value. This can lead to a computational denial-of-service attack, causing the client process to become unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42256"
},
{
"category": "external",
"summary": "RHBZ#2468500",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468500"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42256"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612",
"url": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4",
"url": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758",
"url": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7"
}
],
"release_date": "2026-05-09T19:38:33.106000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T14:25:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33551"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication"
},
{
"cve": "CVE-2026-47240",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-22T21:01:00.124981+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is possible when an IMAP server does not support non-synchronizing literals, leading to the misinterpretation of data as new commands. This command injection could enable unauthorized actions on the IMAP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: Net::IMAP: Command injection via non-synchronizing literals",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Net::IMAP Ruby library allows for command injection against IMAP servers that lack support for non-synchronizing literals. An attacker could exploit this by providing specially crafted input, leading to the execution of arbitrary IMAP commands and potential unauthorized actions. This risk is primarily present in deployments interacting with older or non-standard IMAP server configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47240"
},
{
"category": "external",
"summary": "RHBZ#2491519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47240"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
}
],
"release_date": "2026-06-22T20:17:15.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T14:25:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33551"
},
{
"category": "workaround",
"details": "Explicitly validate user-controlled inputs to prevent embedded non-synchronizing literals unless the server supports them. For a simpler, more cautious approach: all embedded literals can be unconditionally prohibited, by checking that string inputs do not contain any CR or LF bytes.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net-imap: Net::IMAP: Command injection via non-synchronizing literals"
},
{
"cve": "CVE-2026-47241",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-06-22T21:01:13.810999+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491523"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol (IMAP). This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled input, is not properly validated, it can force subsequent commands to be absorbed, leading to a hung connection and preventing further processing until the connection is closed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate denial of service flaw was found in the Net::IMAP Ruby client library. This issue occurs when a remote attacker sends specially crafted input to certain Net::IMAP commands, causing the client connection to hang indefinitely. This can prevent further processing of IMAP commands until the connection is manually closed, impacting the availability of services relying on the Net::IMAP client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47241"
},
{
"category": "external",
"summary": "RHBZ#2491523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47241",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47241"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66"
}
],
"release_date": "2026-06-22T20:11:04.329000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T14:25:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33551"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby4-0-main@aarch64",
"Red Hat Hardened Images:ruby4-0-main@noarch",
"Red Hat Hardened Images:ruby4-0-main@src",
"Red Hat Hardened Images:ruby4-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input"
}
]
}
RHSA-2026:33721
Vulnerability from csaf_redhat - Published: 2026-06-30 19:02 - Updated: 2026-07-14 20:36A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the `Net::IMAP::ResponseReader` when processing large responses containing numerous string literals. This can lead to the client's CPU being exhausted, resulting in a denial of service (DoS) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 (Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256) authentication by sending an excessively large iteration count value. This can lead to a computational denial-of-service attack, causing the client process to become unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nruby3.3:\n * ruby3.3-3.3.10-23.2.hum1 (aarch64, x86_64)\n * ruby3.3-bundled-gems-3.3.10-23.2.hum1 (aarch64, x86_64)\n * ruby3.3-default-gems-3.3.10-23.2.hum1 (noarch)\n * ruby3.3-devel-3.3.10-23.2.hum1 (aarch64, x86_64)\n * ruby3.3-doc-3.3.10-23.2.hum1 (noarch)\n * ruby3.3-libs-3.3.10-23.2.hum1 (aarch64, x86_64)\n * rubygem3.3-bigdecimal-3.1.5-23.2.hum1 (aarch64, x86_64)\n * rubygem3.3-bundler-2.5.22-23.2.hum1 (noarch)\n * rubygem3.3-devel-3.5.22-23.2.hum1 (noarch)\n * rubygem3.3-io-console-0.7.1-23.2.hum1 (aarch64, x86_64)\n * rubygem3.3-irb-1.13.1-23.2.hum1 (noarch)\n * rubygem3.3-json-2.7.2-23.2.hum1 (aarch64, x86_64)\n * rubygem3.3-minitest-5.20.0-23.2.hum1 (noarch)\n * rubygem3.3-power_assert-2.0.3-23.2.hum1 (noarch)\n * rubygem3.3-psych-5.1.2-23.2.hum1 (aarch64, x86_64)\n * rubygem3.3-racc-1.7.3-23.2.hum1 (aarch64, x86_64)\n * rubygem3.3-rake-13.1.0-23.2.hum1 (noarch)\n * rubygem3.3-rbs-3.4.0-23.2.hum1 (aarch64, x86_64)\n * rubygem3.3-rdoc-6.6.3.1-23.2.hum1 (noarch)\n * rubygem3.3-rexml-3.4.4-23.2.hum1 (noarch)\n * rubygem3.3-rss-0.3.1-23.2.hum1 (noarch)\n * rubygem3.3-rubygems-3.5.22-23.2.hum1 (noarch)\n * rubygem3.3-test-unit-3.6.1-23.2.hum1 (noarch)\n * rubygem3.3-typeprof-0.21.9-23.2.hum1 (noarch)\n * ruby3.3-3.3.10-23.2.hum1.src (src)\n\nSecurity Fix(es):\n\nruby3.3:\n * CVE-2026-42245\n * CVE-2026-42246\n * CVE-2026-42256",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33721",
"url": "https://access.redhat.com/errata/RHSA-2026:33721"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42245",
"url": "https://access.redhat.com/security/cve/CVE-2026-42245"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42246",
"url": "https://access.redhat.com/security/cve/CVE-2026-42246"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42256",
"url": "https://access.redhat.com/security/cve/CVE-2026-42256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33721.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update",
"tracking": {
"current_release_date": "2026-07-14T20:36:27+00:00",
"generator": {
"date": "2026-07-14T20:36:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33721",
"initial_release_date": "2026-06-30T19:02:30+00:00",
"revision_history": [
{
"date": "2026-06-30T19:02:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-14T19:21:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T20:36:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@aarch64",
"product": {
"name": "ruby3-3-main@aarch64",
"product_id": "ruby3-3-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@src",
"product": {
"name": "ruby3-3-main@src",
"product_id": "ruby3-3-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@x86_64",
"product": {
"name": "ruby3-3-main@x86_64",
"product_id": "ruby3-3-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@noarch",
"product": {
"name": "ruby3-3-main@noarch",
"product_id": "ruby3-3-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3-default-gems@3.3.10-23.2.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@aarch64"
},
"product_reference": "ruby3-3-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@noarch"
},
"product_reference": "ruby3-3-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@src"
},
"product_reference": "ruby3-3-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@x86_64"
},
"product_reference": "ruby3-3-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42245",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-09T20:00:52.314743+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the `Net::IMAP::ResponseReader` when processing large responses containing numerous string literals. This can lead to the client\u0027s CPU being exhausted, resulting in a denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has rated this flaw as Moderate because a malicious IMAP server can trigger excessive CPU consumption in applications using the affected Net::IMAP library, resulting in a denial-of-service condition. Successful exploitation requires interaction with a hostile server, and the impact is limited to resource exhaustion of the affected client process. The vulnerability does not allow code execution, privilege escalation, or unauthorized access to data, reducing the overall security impact despite the potential availability impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42245"
},
{
"category": "external",
"summary": "RHBZ#2468495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42245"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96",
"url": "https://github.com/ruby/net-imap/commit/6091f7d6b1f3514cafbfe39c76f2b5d73de3ca96"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda",
"url": "https://github.com/ruby/net-imap/commit/88d95231fc8afef11c1f074453f7d75b68c9dfda"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819",
"url": "https://github.com/ruby/net-imap/commit/de685f91a4a4cc75eb80da898c2bf8af08d34819"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-q2mw-fvj9-vvcw"
}
],
"release_date": "2026-05-09T19:37:08.905000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T19:02:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33721"
},
{
"category": "workaround",
"details": "To reduce the risk of a denial of service, ensure that applications using the Net::IMAP library are configured to connect exclusively to trusted IMAP servers. Avoid connecting to untrusted or unverified IMAP services, as a hostile server can exploit this vulnerability. This operational control helps prevent exposure to malicious IMAP response processing.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses"
},
{
"cve": "CVE-2026-42246",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-05-09T20:01:04.782096+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects the STARTTLS functionality in the Ruby net-imap library. Red Hat Product Security has assessed this issue as an Important severity vulnerability.\n\nAttack Complexity is considered High (AC:H), because successful exploitation requires an attacker capable of intercepting and modifying network traffic and successfully winning a timing race during the STARTTLS negotiation process.\n\nThis may allow exposure of authentication credentials, email contents, and other sensitive information, as well as unauthorized modification of data transmitted over the affected connection.\n\n```\n\nRed Hat\u0027s ruby packages distribute net-imap as a default bundled gem, the ruby package itself is listed affected. Applications relying on the system-provided Ruby installation to handle IMAP connections may be exposed to this flaw.\n\nRed Hat 3scale API Management uses net-imap which is a transitive dependency of mail, which is a dependency of actionmailer and actionmailbox. The images doesn\u2019t load them or use them in any way, hence, they are not affected.\n\n```",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42246"
},
{
"category": "external",
"summary": "RHBZ#2468499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42246"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618",
"url": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e",
"url": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c",
"url": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da",
"url": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.3.10",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.3.10"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"
}
],
"release_date": "2026-05-09T19:33:17.880000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T19:02:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33721"
},
{
"category": "workaround",
"details": "As a temporary workaround, Users are strongly encouraged to switch from explicit TLS upgrading mechanisms (STARTTLS on port 143) to Implicit TLS connections (such as IMAPS on port 993).\n\nBy enforcing implicit TLS via port 993 from the initial socket creation step, the connection is mathematically protected against packet injection and connection degradation tactics entirely, bypassing the vulnerable implementation path.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS"
},
{
"cve": "CVE-2026-42256",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-09T20:01:08.343909+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468500"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library for Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit this vulnerability during SCRAM-SHA1 or SCRAM-SHA256 (Salted Challenge Response Authentication Mechanism - Secure Hash Algorithm 1 or 256) authentication by sending an excessively large iteration count value. This can lead to a computational denial-of-service attack, causing the client process to become unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42256"
},
{
"category": "external",
"summary": "RHBZ#2468500",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468500"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42256"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612",
"url": "https://github.com/ruby/net-imap/commit/158d0b505074397cdb5ceb58935e42dd2bcfa612"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4",
"url": "https://github.com/ruby/net-imap/commit/808001bc45c06f7297a7e96d341279e041a7f7f4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758",
"url": "https://github.com/ruby/net-imap/commit/99f59eab6064955a23debd95410263ad144df758"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-87pf-fpwv-p7m7"
}
],
"release_date": "2026-05-09T19:38:33.106000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T19:02:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33721"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ruby/net-imap: ruby: Net::IMAP: Denial of Service via large iteration count in SCRAM authentication"
}
]
}
RHSA-2026:40380
Vulnerability from csaf_redhat - Published: 2026-07-15 21:40 - Updated: 2026-07-16 03:44A flaw was found in Net::IMAP (before 0.4.24, 0.5.14, and 0.6.4). Several commands accept raw string arguments sent to the server without validation or escaping; if derived from user-controlled input, CRLF sequences allow injection of arbitrary IMAP commands.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is possible when an IMAP server does not support non-synchronizing literals, leading to the misinterpretation of data as new commands. This command injection could enable unauthorized actions on the IMAP server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol (IMAP). This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled input, is not properly validated, it can force subsequent commands to be absorbed, leading to a hung connection and preventing further processing until the connection is closed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:ruby3-3-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nruby3.3:\n * ruby3.3-3.3.10-23.4.hum1 (aarch64, x86_64)\n * ruby3.3-bundled-gems-3.3.10-23.4.hum1 (aarch64, x86_64)\n * ruby3.3-default-gems-3.3.10-23.4.hum1 (noarch)\n * ruby3.3-devel-3.3.10-23.4.hum1 (aarch64, x86_64)\n * ruby3.3-doc-3.3.10-23.4.hum1 (noarch)\n * ruby3.3-libs-3.3.10-23.4.hum1 (aarch64, x86_64)\n * rubygem3.3-bigdecimal-3.1.5-23.4.hum1 (aarch64, x86_64)\n * rubygem3.3-bundler-2.5.22-23.4.hum1 (noarch)\n * rubygem3.3-devel-3.5.22-23.4.hum1 (noarch)\n * rubygem3.3-io-console-0.7.1-23.4.hum1 (aarch64, x86_64)\n * rubygem3.3-irb-1.13.1-23.4.hum1 (noarch)\n * rubygem3.3-json-2.7.2-23.4.hum1 (aarch64, x86_64)\n * rubygem3.3-minitest-5.20.0-23.4.hum1 (noarch)\n * rubygem3.3-power_assert-2.0.3-23.4.hum1 (noarch)\n * rubygem3.3-psych-5.1.2-23.4.hum1 (aarch64, x86_64)\n * rubygem3.3-racc-1.7.3-23.4.hum1 (aarch64, x86_64)\n * rubygem3.3-rake-13.1.0-23.4.hum1 (noarch)\n * rubygem3.3-rbs-3.4.0-23.4.hum1 (aarch64, x86_64)\n * rubygem3.3-rdoc-6.6.3.1-23.4.hum1 (noarch)\n * rubygem3.3-rexml-3.4.4-23.4.hum1 (noarch)\n * rubygem3.3-rss-0.3.1-23.4.hum1 (noarch)\n * rubygem3.3-rubygems-3.5.22-23.4.hum1 (noarch)\n * rubygem3.3-test-unit-3.6.1-23.4.hum1 (noarch)\n * rubygem3.3-typeprof-0.21.9-23.4.hum1 (noarch)\n * ruby3.3-3.3.10-23.4.hum1.src (src)\n\nSecurity Fix(es):\n\nruby3.3:\n * CVE-2026-47240\n * CVE-2026-47241\n * CVE-2026-47242",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:40380",
"url": "https://access.redhat.com/errata/RHSA-2026:40380"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47240",
"url": "https://access.redhat.com/security/cve/CVE-2026-47240"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47241",
"url": "https://access.redhat.com/security/cve/CVE-2026-47241"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47242",
"url": "https://access.redhat.com/security/cve/CVE-2026-47242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42257",
"url": "https://access.redhat.com/security/cve/CVE-2026-42257"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_40380.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update",
"tracking": {
"current_release_date": "2026-07-16T03:44:00+00:00",
"generator": {
"date": "2026-07-16T03:44:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:40380",
"initial_release_date": "2026-07-15T21:40:28+00:00",
"revision_history": [
{
"date": "2026-07-15T21:40:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-16T01:57:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-16T03:44:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@aarch64",
"product": {
"name": "ruby3-3-main@aarch64",
"product_id": "ruby3-3-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.4.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@src",
"product": {
"name": "ruby3-3-main@src",
"product_id": "ruby3-3-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.4.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@x86_64",
"product": {
"name": "ruby3-3-main@x86_64",
"product_id": "ruby3-3-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3@3.3.10-23.4.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3-3-main@noarch",
"product": {
"name": "ruby3-3-main@noarch",
"product_id": "ruby3-3-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ruby3.3-default-gems@3.3.10-23.4.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@aarch64"
},
"product_reference": "ruby3-3-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@noarch"
},
"product_reference": "ruby3-3-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@src"
},
"product_reference": "ruby3-3-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3-3-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:ruby3-3-main@x86_64"
},
"product_reference": "ruby3-3-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42257",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-09T20:00:49.315366+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2468494"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP (before 0.4.24, 0.5.14, and 0.6.4). Several commands accept raw string arguments sent to the server without validation or escaping; if derived from user-controlled input, CRLF sequences allow injection of arbitrary IMAP commands.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Net::IMAP is vulnerable to IMAP command injection in versions before 0.4.24, 0.5.14, and 0.6.4. Several client commands accept raw string arguments that are sent to the IMAP server without CRLF validation or escaping; if application code passes user-controlled data into those arguments, an attacker can inject additional IMAP commands by embedding carriage return and line feed sequences. Red Hat impact is concentrated in Ruby-based products that bundle a vulnerable net-imap gem, including RHEL Ruby module streams, OpenShift Serverless (hummingbird) Ruby runtimes, and 3scale AMP components (zync/system) that use Net::IMAP with externally influenced input; Perl IMAP client packages on Fedora are a separate codebase and are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42257"
},
{
"category": "external",
"summary": "RHBZ#2468494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42257",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42257"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/releases/tag/v0.6.4",
"url": "https://github.com/ruby/net-imap/releases/tag/v0.6.4"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg"
}
],
"release_date": "2026-05-09T19:39:48.398000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T21:40:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40380"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input"
},
{
"cve": "CVE-2026-47240",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-22T21:01:00.124981+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is possible when an IMAP server does not support non-synchronizing literals, leading to the misinterpretation of data as new commands. This command injection could enable unauthorized actions on the IMAP server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: Net::IMAP: Command injection via non-synchronizing literals",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Net::IMAP Ruby library allows for command injection against IMAP servers that lack support for non-synchronizing literals. An attacker could exploit this by providing specially crafted input, leading to the execution of arbitrary IMAP commands and potential unauthorized actions. This risk is primarily present in deployments interacting with older or non-standard IMAP server configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47240"
},
{
"category": "external",
"summary": "RHBZ#2491519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47240"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
}
],
"release_date": "2026-06-22T20:17:15.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T21:40:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40380"
},
{
"category": "workaround",
"details": "Explicitly validate user-controlled inputs to prevent embedded non-synchronizing literals unless the server supports them. For a simpler, more cautious approach: all embedded literals can be unconditionally prohibited, by checking that string inputs do not contain any CR or LF bytes.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net-imap: Net::IMAP: Command injection via non-synchronizing literals"
},
{
"cve": "CVE-2026-47241",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-06-22T21:01:13.810999+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2491523"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol (IMAP). This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled input, is not properly validated, it can force subsequent commands to be absorbed, leading to a hung connection and preventing further processing until the connection is closed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate denial of service flaw was found in the Net::IMAP Ruby client library. This issue occurs when a remote attacker sends specially crafted input to certain Net::IMAP commands, causing the client connection to hang indefinitely. This can prevent further processing of IMAP commands until the connection is manually closed, impacting the availability of services relying on the Net::IMAP client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47241"
},
{
"category": "external",
"summary": "RHBZ#2491523",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491523"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47241",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47241"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47241"
},
{
"category": "external",
"summary": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66"
}
],
"release_date": "2026-06-22T20:11:04.329000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T21:40:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40380"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:ruby3-3-main@aarch64",
"Red Hat Hardened Images:ruby3-3-main@noarch",
"Red Hat Hardened Images:ruby3-3-main@src",
"Red Hat Hardened Images:ruby3-3-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input"
}
]
}
ubuntu-cve-2026-47240
Vulnerability from osv_ubuntu
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the "+}\r\n" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "jruby",
"binary_version": "1.5.6-9+deb8u2build0.14.04.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "jruby",
"purl": "pkg:deb/ubuntu/jruby@1.5.6-9+deb8u2build0.14.04.1~esm2?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.6-5ubuntu1",
"1.5.6-6",
"1.5.6-7",
"1.5.6-9+deb8u2build0.14.04.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libruby2.3",
"binary_version": "2.3.1-2~ubuntu16.04.16+esm15"
},
{
"binary_name": "ruby2.3",
"binary_version": "2.3.1-2~ubuntu16.04.16+esm15"
},
{
"binary_name": "ruby2.3-tcltk",
"binary_version": "2.3.1-2~ubuntu16.04.16+esm15"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "ruby2.3",
"purl": "pkg:deb/ubuntu/ruby2.3@2.3.1-2~ubuntu16.04.16+esm15?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.3.0-1",
"2.3.0-2",
"2.3.0-4ubuntu2",
"2.3.0-4ubuntu3",
"2.3.0-5ubuntu1",
"2.3.1-2~16.04",
"2.3.1-2~16.04.2",
"2.3.1-2~16.04.4",
"2.3.1-2~16.04.5",
"2.3.1-2~16.04.6",
"2.3.1-2~16.04.7",
"2.3.1-2~16.04.9",
"2.3.1-2~16.04.10",
"2.3.1-2~16.04.11",
"2.3.1-2~16.04.12",
"2.3.1-2~ubuntu16.04.13",
"2.3.1-2~ubuntu16.04.14",
"2.3.1-2~ubuntu16.04.15",
"2.3.1-2~ubuntu16.04.16",
"2.3.1-2~ubuntu16.04.16+esm1",
"2.3.1-2~ubuntu16.04.16+esm2",
"2.3.1-2~ubuntu16.04.16+esm3",
"2.3.1-2~ubuntu16.04.16+esm4",
"2.3.1-2~ubuntu16.04.16+esm5",
"2.3.1-2~ubuntu16.04.16+esm6",
"2.3.1-2~ubuntu16.04.16+esm7",
"2.3.1-2~ubuntu16.04.16+esm8",
"2.3.1-2~ubuntu16.04.16+esm9",
"2.3.1-2~ubuntu16.04.16+esm10",
"2.3.1-2~ubuntu16.04.16+esm11",
"2.3.1-2~ubuntu16.04.16+esm12",
"2.3.1-2~ubuntu16.04.16+esm14",
"2.3.1-2~ubuntu16.04.16+esm15"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "jruby",
"binary_version": "1.7.22-1ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "jruby",
"purl": "pkg:deb/ubuntu/jruby@1.7.22-1ubuntu1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.21-2ubuntu4",
"1.7.22-1ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libruby2.5",
"binary_version": "2.5.1-1ubuntu1.16+esm8"
},
{
"binary_name": "ruby2.5",
"binary_version": "2.5.1-1ubuntu1.16+esm8"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "ruby2.5",
"purl": "pkg:deb/ubuntu/ruby2.5@2.5.1-1ubuntu1.16+esm8?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0~preview1-1ubuntu2",
"2.5.0-4ubuntu1",
"2.5.0-4ubuntu4",
"2.5.0-5ubuntu1",
"2.5.0-6ubuntu1",
"2.5.1-1ubuntu1",
"2.5.1-1ubuntu1.1",
"2.5.1-1ubuntu1.2",
"2.5.1-1ubuntu1.4",
"2.5.1-1ubuntu1.5",
"2.5.1-1ubuntu1.6",
"2.5.1-1ubuntu1.7",
"2.5.1-1ubuntu1.8",
"2.5.1-1ubuntu1.9",
"2.5.1-1ubuntu1.10",
"2.5.1-1ubuntu1.11",
"2.5.1-1ubuntu1.12",
"2.5.1-1ubuntu1.13",
"2.5.1-1ubuntu1.14",
"2.5.1-1ubuntu1.15",
"2.5.1-1ubuntu1.16",
"2.5.1-1ubuntu1.16+esm1",
"2.5.1-1ubuntu1.16+esm3",
"2.5.1-1ubuntu1.16+esm4",
"2.5.1-1ubuntu1.16+esm5",
"2.5.1-1ubuntu1.16+esm6",
"2.5.1-1ubuntu1.16+esm7",
"2.5.1-1ubuntu1.16+esm8"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "jruby",
"binary_version": "9.1.17.0-1~18.04"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "jruby",
"purl": "pkg:deb/ubuntu/jruby@9.1.17.0-1~18.04?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.1.13.0-1",
"9.1.17.0-1~18.04"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libruby2.7",
"binary_version": "2.7.0-5ubuntu1.18+esm5"
},
{
"binary_name": "ruby2.7",
"binary_version": "2.7.0-5ubuntu1.18+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "ruby2.7",
"purl": "pkg:deb/ubuntu/ruby2.7@2.7.0-5ubuntu1.18+esm5?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0-1",
"2.7.0-2",
"2.7.0-3",
"2.7.0-4",
"2.7.0-4ubuntu1",
"2.7.0-5ubuntu1",
"2.7.0-5ubuntu1.1",
"2.7.0-5ubuntu1.2",
"2.7.0-5ubuntu1.3",
"2.7.0-5ubuntu1.4",
"2.7.0-5ubuntu1.5",
"2.7.0-5ubuntu1.6",
"2.7.0-5ubuntu1.7",
"2.7.0-5ubuntu1.8",
"2.7.0-5ubuntu1.9",
"2.7.0-5ubuntu1.10",
"2.7.0-5ubuntu1.11",
"2.7.0-5ubuntu1.12",
"2.7.0-5ubuntu1.13",
"2.7.0-5ubuntu1.14",
"2.7.0-5ubuntu1.15",
"2.7.0-5ubuntu1.16",
"2.7.0-5ubuntu1.17",
"2.7.0-5ubuntu1.18",
"2.7.0-5ubuntu1.18+esm1",
"2.7.0-5ubuntu1.18+esm3",
"2.7.0-5ubuntu1.18+esm4",
"2.7.0-5ubuntu1.18+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "jruby",
"binary_version": "9.1.17.0-3build6"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "jruby",
"purl": "pkg:deb/ubuntu/jruby@9.1.17.0-3build6?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.1.17.0-3",
"9.1.17.0-3build5",
"9.1.17.0-3build6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libruby3.0",
"binary_version": "3.0.2-7ubuntu2.13"
},
{
"binary_name": "ruby3.0",
"binary_version": "3.0.2-7ubuntu2.13"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "ruby3.0",
"purl": "pkg:deb/ubuntu/ruby3.0@3.0.2-7ubuntu2.13?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.2-5ubuntu1",
"3.0.2-7",
"3.0.2-7ubuntu2",
"3.0.2-7ubuntu2.1",
"3.0.2-7ubuntu2.2",
"3.0.2-7ubuntu2.3",
"3.0.2-7ubuntu2.4",
"3.0.2-7ubuntu2.5",
"3.0.2-7ubuntu2.6",
"3.0.2-7ubuntu2.7",
"3.0.2-7ubuntu2.8",
"3.0.2-7ubuntu2.10",
"3.0.2-7ubuntu2.11",
"3.0.2-7ubuntu2.12",
"3.0.2-7ubuntu2.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "jruby",
"binary_version": "9.4.6.0+ds-1ubuntu3"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "jruby",
"purl": "pkg:deb/ubuntu/jruby@9.4.6.0+ds-1ubuntu3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.3.9.0+ds-1",
"9.4.5.0+ds-1",
"9.4.5.0+ds-1ubuntu1",
"9.4.6.0+ds-1ubuntu3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libruby3.2",
"binary_version": "3.2.3-1ubuntu0.24.04.8"
},
{
"binary_name": "ruby3.2",
"binary_version": "3.2.3-1ubuntu0.24.04.8"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "ruby3.2",
"purl": "pkg:deb/ubuntu/ruby3.2@3.2.3-1ubuntu0.24.04.8?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.3-1",
"3.2.3-1build2",
"3.2.3-1build3",
"3.2.3-1ubuntu0.24.04.1",
"3.2.3-1ubuntu0.24.04.3",
"3.2.3-1ubuntu0.24.04.5",
"3.2.3-1ubuntu0.24.04.6",
"3.2.3-1ubuntu0.24.04.7",
"3.2.3-1ubuntu0.24.04.8"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "jruby",
"binary_version": "9.4.8.0+ds-3ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "jruby",
"purl": "pkg:deb/ubuntu/jruby@9.4.8.0+ds-3ubuntu1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.4.8.0+ds-2ubuntu1",
"9.4.8.0+ds-3ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libruby3.3",
"binary_version": "3.3.8-2ubuntu2.1"
},
{
"binary_name": "ruby3.3",
"binary_version": "3.3.8-2ubuntu2.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "ruby3.3",
"purl": "pkg:deb/ubuntu/ruby3.3@3.3.8-2ubuntu2.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.3.7-1ubuntu2",
"3.3.8-2ubuntu1",
"3.3.8-2ubuntu2",
"3.3.8-2ubuntu2.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "jruby",
"binary_version": "9.4.8.0+ds-3ubuntu1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "jruby",
"purl": "pkg:deb/ubuntu/jruby@9.4.8.0+ds-3ubuntu1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.4.8.0+ds-3ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libruby3.3",
"binary_version": "3.3.8-2ubuntu3.1"
},
{
"binary_name": "ruby3.3",
"binary_version": "3.3.8-2ubuntu3.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "ruby3.3",
"purl": "pkg:deb/ubuntu/ruby3.3@3.3.8-2ubuntu3.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.3.8-2ubuntu2",
"3.3.8-2ubuntu3",
"3.3.8-2ubuntu3.1"
]
}
],
"aliases": [],
"details": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a \"raw data\" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. A server without support for non-synchronizing literals may interpret the \"+}\\r\\n\" as the end of a malformed command line and respond with a tagged BAD. In that case, the contents of the literal will be interpreted as one or more new pipelined commands, allowing a CRLF command injection attack to succeed. This affects criteria for #search and #uid_search; search_keys for #sort, #thread, #uid_sort, and #uid_thread; and attr for #fetch and #uid_fetch. This vulnerability is fixed in 0.6.5 and 0.5.15.",
"id": "UBUNTU-CVE-2026-47240",
"modified": "2026-07-16T18:27:46Z",
"published": "2026-06-22T21:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-47240"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47240"
},
{
"type": "REPORT",
"url": "https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-47240"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.