Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-96kx-5gzu-bqba
Vulnerability ID VCID-96kx-5gzu-bqba
Aliases CVE-2026-42257
GHSA-hm49-wcqc-g2xg
Summary
Status Published
Exploitability 0.5
Weighted Severity 5.5
Risk 2.8
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42257.json
epss 0.00016 https://api.first.org/data/v1/epss?cve=CVE-2026-42257
cvssv4 5.8 https://github.com/ruby/net-imap
generic_textual MODERATE https://github.com/ruby/net-imap
cvssv4 5.8 https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974
generic_textual MODERATE https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974
cvssv4 5.8 https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f
generic_textual MODERATE https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f
cvssv4 5.8 https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b
generic_textual MODERATE https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b
cvssv4 5.8 https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048
generic_textual MODERATE https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048
cvssv4 5.8 https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71
generic_textual MODERATE https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71
cvssv4 5.8 https://github.com/ruby/net-imap/releases/tag/v0.4.24
generic_textual MODERATE https://github.com/ruby/net-imap/releases/tag/v0.4.24
ssvc Track https://github.com/ruby/net-imap/releases/tag/v0.4.24
cvssv4 5.8 https://github.com/ruby/net-imap/releases/tag/v0.5.14
generic_textual MODERATE https://github.com/ruby/net-imap/releases/tag/v0.5.14
ssvc Track https://github.com/ruby/net-imap/releases/tag/v0.5.14
cvssv4 5.8 https://github.com/ruby/net-imap/releases/tag/v0.6.4
generic_textual MODERATE https://github.com/ruby/net-imap/releases/tag/v0.6.4
ssvc Track https://github.com/ruby/net-imap/releases/tag/v0.6.4
cvssv4 5.8 https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg
generic_textual MODERATE https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg
ssvc Track https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg
cvssv4 5.8 https://nvd.nist.gov/vuln/detail/CVE-2026-42257
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-42257
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42257.json
https://api.first.org/data/v1/epss?cve=CVE-2026-42257
https://github.com/ruby/net-imap
https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974
https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f
https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b
https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048
https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71
https://github.com/ruby/net-imap/releases/tag/v0.4.24
https://github.com/ruby/net-imap/releases/tag/v0.5.14
https://github.com/ruby/net-imap/releases/tag/v0.6.4
https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg
https://nvd.nist.gov/vuln/detail/CVE-2026-42257
1136823 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136823
2468494 https://bugzilla.redhat.com/show_bug.cgi?id=2468494
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42257.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/commit/0ec4fd351263e8b9a4f683713427827b7b1ad974
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/commit/47c72186d272441878ca73c9499f66013829ca2f
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/commit/6bf02aef7e0b5931010c36e377f79a71636b306b
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/commit/a4f7649c3da77dec7631f03a037a478eb4330048
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/commit/aec06996eb87a7e1bbcef1f9f8926e8add2b8c71
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/releases/tag/v0.4.24
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/ Found at https://github.com/ruby/net-imap/releases/tag/v0.4.24
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/releases/tag/v0.5.14
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/ Found at https://github.com/ruby/net-imap/releases/tag/v0.5.14
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/releases/tag/v0.6.4
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/ Found at https://github.com/ruby/net-imap/releases/tag/v0.6.4
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:27:16Z/ Found at https://github.com/ruby/net-imap/security/advisories/GHSA-hm49-wcqc-g2xg
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-42257
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.03871
EPSS Score 0.00016
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T23:09:50.709548+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0