CVE-2026-42258
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symb
CVSS
5.3
Medio
EPSS
0.8%
p53
KEV
—
Exploit Today
16
0-100
Publicado: 9 may 2026 · Última mod.: 16 jul 2026 · CWE-77 · CWE-93
0.7%EPSS · 30 días0.8%
2026-06-302026-07-16
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
- github.comhttps://github.com/ruby/net-imap/releases/tag/v0.4.24
- github.comhttps://github.com/ruby/net-imap/releases/tag/v0.5.14
- github.comhttps://github.com/ruby/net-imap/releases/tag/v0.6.4
- github.comhttps://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33462
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33512
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33514
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33515
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33540
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33565
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33576
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33577
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:33630
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:34076
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35447
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35834
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35866
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35867
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:35895
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36099
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2023-376799.8 CRÍ99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.8dCVE-2026-80379.6 CRÍ98.6%
——30OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints3dCVE-2022-457018.8 ALT98.5%
——30Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.8dCVE-2023-337828.8 ALT98.3%
——30D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.8d