Bug 2468498 (CVE-2026-42258)
| Summary: | CVE-2026-42258 ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | akostadi, amasferr, dmayorov, eshamard, jkoehler, jlledo, jvasik, kaycoth, lphiri, pantinor, rblanco, rhel-process-autobot, sdawley, tsedmik, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful exploitation could lead to unauthorized actions on the IMAP server or client, potentially resulting in information disclosure or other integrity impacts.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2487319 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-05-09 20:01:24 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:33462 https://access.redhat.com/errata/RHSA-2026:33462 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:33514 https://access.redhat.com/errata/RHSA-2026:33514 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:33540 https://access.redhat.com/errata/RHSA-2026:33540 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:33512 https://access.redhat.com/errata/RHSA-2026:33512 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:33565 https://access.redhat.com/errata/RHSA-2026:33565 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:33515 https://access.redhat.com/errata/RHSA-2026:33515 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:33630 https://access.redhat.com/errata/RHSA-2026:33630 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:33576 https://access.redhat.com/errata/RHSA-2026:33576 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:33577 https://access.redhat.com/errata/RHSA-2026:33577 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:34076 https://access.redhat.com/errata/RHSA-2026:34076 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:35834 https://access.redhat.com/errata/RHSA-2026:35834 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:35866 https://access.redhat.com/errata/RHSA-2026:35866 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:35867 https://access.redhat.com/errata/RHSA-2026:35867 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:35895 https://access.redhat.com/errata/RHSA-2026:35895 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:36099 https://access.redhat.com/errata/RHSA-2026:36099 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:37238 https://access.redhat.com/errata/RHSA-2026:37238 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:37397 https://access.redhat.com/errata/RHSA-2026:37397 |