CVE-2026-42257: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in ruby net-imap
CVE-2026-42257 is a medium severity vulnerability in the ruby net-imap library where certain commands accept raw string arguments without validation or escaping. This allows an attacker to inject CRLF sequences if the input is user-controlled, potentially injecting arbitrary IMAP commands. The issue affects versions prior to 0. 4. 24, 0. 5. 14, and 0. 6. 4 and has been patched in these versions. No known exploits are reported in the wild.
AI Analysis
Technical Summary
The ruby net-imap library implements IMAP client functionality. Versions before 0.4.24, 0.5.14, and 0.6.4 accept raw string arguments in several commands without sanitizing CRLF sequences. If these strings come from user input, an attacker can inject CRLF sequences to insert arbitrary IMAP commands, leading to potential command injection. The vulnerability is identified as CWE-93 (Improper Neutralization of CRLF Sequences) and CWE-77 (Improper Neutralization of Special Elements used in a Command). The vulnerability has a CVSS 4.0 score of 5.8 (medium severity). The issue has been fixed in versions 0.4.24, 0.5.14, and 0.6.4.
Potential Impact
An attacker able to supply crafted input to vulnerable net-imap commands can inject arbitrary IMAP commands due to improper neutralization of CRLF sequences. This could lead to unexpected behavior in the IMAP client-server communication, potentially affecting confidentiality or integrity of IMAP sessions. No known exploits in the wild have been reported.
Mitigation Recommendations
Upgrade net-imap to version 0.4.24, 0.5.14, or 0.6.4 or later, where this vulnerability is patched. Since the vendor advisory indicates the issue is fixed in these versions, applying these official fixes is the recommended remediation. Patch status is confirmed by the vendor advisory. No additional mitigations are specified.
CVE-2026-42257: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in ruby net-imap
Description
CVE-2026-42257 is a medium severity vulnerability in the ruby net-imap library where certain commands accept raw string arguments without validation or escaping. This allows an attacker to inject CRLF sequences if the input is user-controlled, potentially injecting arbitrary IMAP commands. The issue affects versions prior to 0. 4. 24, 0. 5. 14, and 0. 6. 4 and has been patched in these versions. No known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The ruby net-imap library implements IMAP client functionality. Versions before 0.4.24, 0.5.14, and 0.6.4 accept raw string arguments in several commands without sanitizing CRLF sequences. If these strings come from user input, an attacker can inject CRLF sequences to insert arbitrary IMAP commands, leading to potential command injection. The vulnerability is identified as CWE-93 (Improper Neutralization of CRLF Sequences) and CWE-77 (Improper Neutralization of Special Elements used in a Command). The vulnerability has a CVSS 4.0 score of 5.8 (medium severity). The issue has been fixed in versions 0.4.24, 0.5.14, and 0.6.4.
Potential Impact
An attacker able to supply crafted input to vulnerable net-imap commands can inject arbitrary IMAP commands due to improper neutralization of CRLF sequences. This could lead to unexpected behavior in the IMAP client-server communication, potentially affecting confidentiality or integrity of IMAP sessions. No known exploits in the wild have been reported.
Mitigation Recommendations
Upgrade net-imap to version 0.4.24, 0.5.14, or 0.6.4 or later, where this vulnerability is patched. Since the vendor advisory indicates the issue is fixed in these versions, applying these official fixes is the recommended remediation. Patch status is confirmed by the vendor advisory. No additional mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-26T11:53:27.704Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ff93c0cbff5d86106e4595
Added to database: 5/9/2026, 8:06:24 PM
Last enriched: 5/9/2026, 8:21:29 PM
Last updated: 5/9/2026, 10:14:24 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.