CVE-2026-42258 - Medium Severity Vulnerability
Vulnerable Library - net-imap-0.6.3.gem
Ruby client API for Internet Message Access Protocol
Library home page: https://rubygems.org/gems/net-imap-0.6.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/net-imap-0.6.3.gem
Dependency Hierarchy:
- gettext_i18n_rails_js-1.3.1.gem (Root Library)
  - rails-8.0.4.gem
    - actionmailer-8.0.4.gem
      - mail-2.9.0.gem
        - ❌ net-imap-0.6.3.gem (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Symbol arguments passed to IMAP commands are vulnerable to CRLF injection / IMAP command injection. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
Publish Date: 2026-05-09
URL: CVE-2026-42258
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: GHSA-75xq-5h9v-w6px
Release Date: 2026-05-05
Fix Resolution: net-imap - 0.4.24, net-imap - 0.5.14, net-imap - 0.6.4, https://github.com/ruby/net-imap.git - v0.4.24, https://github.com/ruby/net-imap.git - v0.5.14, https://github.com/ruby/net-imap.git - v0.6.4