CVE-2026-42258

EUVD-2026-28927
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
ruby-langnet\
𝑥
< 0.4.24
ruby-langnet\
0.5.0 ≤
𝑥
< 0.5.14
ruby-langnet\
0.6.0 ≤
𝑥
< 0.6.4
𝑥
= Vulnerable software versions
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
ruby3.4
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-bundled-gems
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-bundled-gems-debuginfo
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-debuginfo
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-debugsource
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-default-gems
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-devel
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-doc
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-libs
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-libs-debuginfo
Amazon Linux 2023
0:3.4.8-27.amzn2023.0.6
fixed
ruby3.4-rubygem-bigdecimal
Amazon Linux 2023
0:3.1.8-27.amzn2023.0.6
fixed
ruby3.4-rubygem-bigdecimal-debuginfo
Amazon Linux 2023
0:3.1.8-27.amzn2023.0.6
fixed
ruby3.4-rubygem-bundler
Amazon Linux 2023
0:2.6.9-27.amzn2023.0.6
fixed
ruby3.4-rubygem-io-console
Amazon Linux 2023
0:0.8.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-io-console-debuginfo
Amazon Linux 2023
0:0.8.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-irb
Amazon Linux 2023
0:1.14.3-27.amzn2023.0.6
fixed
ruby3.4-rubygem-json
Amazon Linux 2023
0:2.9.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-json-debuginfo
Amazon Linux 2023
0:2.9.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-minitest
Amazon Linux 2023
0:5.25.4-27.amzn2023.0.6
fixed
ruby3.4-rubygem-power_assert
Amazon Linux 2023
0:2.0.5-27.amzn2023.0.6
fixed
ruby3.4-rubygem-psych
Amazon Linux 2023
0:5.2.2-27.amzn2023.0.6
fixed
ruby3.4-rubygem-psych-debuginfo
Amazon Linux 2023
0:5.2.2-27.amzn2023.0.6
fixed
ruby3.4-rubygem-racc
Amazon Linux 2023
0:1.8.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-racc-debuginfo
Amazon Linux 2023
0:1.8.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-rake
Amazon Linux 2023
0:13.2.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-rbs
Amazon Linux 2023
0:3.8.0-27.amzn2023.0.6
fixed
ruby3.4-rubygem-rbs-debuginfo
Amazon Linux 2023
0:3.8.0-27.amzn2023.0.6
fixed
ruby3.4-rubygem-rdoc
Amazon Linux 2023
0:6.14.0-27.amzn2023.0.6
fixed
ruby3.4-rubygem-rexml
Amazon Linux 2023
0:3.4.4-27.amzn2023.0.6
fixed
ruby3.4-rubygem-rss
Amazon Linux 2023
0:0.3.1-27.amzn2023.0.6
fixed
ruby3.4-rubygem-test-unit
Amazon Linux 2023
0:3.6.7-27.amzn2023.0.6
fixed
ruby3.4-rubygem-typeprof
Amazon Linux 2023
0:0.30.1-27.amzn2023.0.6
fixed
ruby3.4-rubygems
Amazon Linux 2023
0:3.6.9-27.amzn2023.0.6
fixed
ruby3.4-rubygems-devel
Amazon Linux 2023
0:3.6.9-27.amzn2023.0.6
fixed
ruby4.0
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-bundled-gems
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-bundled-gems-debuginfo
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-debuginfo
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-debugsource
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-default-gems
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-devel
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-doc
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-libs
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-libs-debuginfo
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-bigdecimal
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-bigdecimal-debuginfo
Amazon Linux 2023
0:4.0.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-bundler
Amazon Linux 2023
0:4.0.3-32.amzn2023.0.2
fixed
ruby4.0-rubygem-io-console
Amazon Linux 2023
0:0.8.2-32.amzn2023.0.2
fixed
ruby4.0-rubygem-io-console-debuginfo
Amazon Linux 2023
0:0.8.2-32.amzn2023.0.2
fixed
ruby4.0-rubygem-irb
Amazon Linux 2023
0:1.16.0-32.amzn2023.0.2
fixed
ruby4.0-rubygem-json
Amazon Linux 2023
0:2.18.0-32.amzn2023.0.2
fixed
ruby4.0-rubygem-json-debuginfo
Amazon Linux 2023
0:2.18.0-32.amzn2023.0.2
fixed
ruby4.0-rubygem-minitest
Amazon Linux 2023
0:6.0.0-32.amzn2023.0.2
fixed
ruby4.0-rubygem-power_assert
Amazon Linux 2023
0:3.0.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-psych
Amazon Linux 2023
0:5.3.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-psych-debuginfo
Amazon Linux 2023
0:5.3.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-racc
Amazon Linux 2023
0:1.8.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-racc-debuginfo
Amazon Linux 2023
0:1.8.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-rake
Amazon Linux 2023
0:13.3.1-32.amzn2023.0.2
fixed
ruby4.0-rubygem-rbs
Amazon Linux 2023
0:3.10.0-32.amzn2023.0.2
fixed
ruby4.0-rubygem-rbs-debuginfo
Amazon Linux 2023
0:3.10.0-32.amzn2023.0.2
fixed
ruby4.0-rubygem-rdoc
Amazon Linux 2023
0:7.0.3-32.amzn2023.0.2
fixed
ruby4.0-rubygem-rexml
Amazon Linux 2023
0:3.4.4-32.amzn2023.0.2
fixed
ruby4.0-rubygem-rss
Amazon Linux 2023
0:0.3.2-32.amzn2023.0.2
fixed
ruby4.0-rubygem-test-unit
Amazon Linux 2023
0:3.7.5-32.amzn2023.0.2
fixed
ruby4.0-rubygem-typeprof
Amazon Linux 2023
0:0.31.1-32.amzn2023.0.2
fixed
ruby4.0-rubygems
Amazon Linux 2023
0:4.0.3-32.amzn2023.0.2
fixed
ruby4.0-rubygems-devel
Amazon Linux 2023
0:4.0.3-32.amzn2023.0.2
fixed
Common Weakness Enumeration
References
https://github.com/ruby/net-imap/releases/tag/v0.4.24
https://github.com/ruby/net-imap/releases/tag/v0.5.14
https://github.com/ruby/net-imap/releases/tag/v0.6.4
https://github.com/ruby/net-imap/security/advisories/GHSA-75xq-5h9v-w6px