9 matches found
CVE-2026-30227
MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...
CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery
MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...
MimeKit 注入漏洞
MimeKit is a C library developed by Jeffrey Stedfast for creating and parsing MIME messages. Versions of MimeKit prior to 4.15.1 had a injection vulnerability, which stemmed from CRLF injections in the local part of SMTP envelope addresses. This vulnerability could lead to SMTP command injections...
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery
Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...
CRLF Injection
Overview MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Affected versions of this package are vulnerable to CRLF Injection due to the InternetAddress not rejecting...
GHSA-G7HC-96XR-GVVX MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery
Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...
PT-2026-23616
Name of the Vulnerable Software and Affected Versions MimeKit versions prior to 4.15.1 MailKit versions prior to 4.15.1 Description A CRLF injection flaw exists in MimeKit and MailKit when handling SMTP envelope addresses. Specifically, when the local-part of an address is a quoted-string, the...
GHSA-GMC6-FWG3-75M5 Mimekit has vulnerable dependency that can lead to denial of service
Summary Denial of service vulnerability. Details See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312 PoC Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated Impact Denial of servi...
Mimekit has vulnerable dependency that can lead to denial of service
Summary Denial of service vulnerability. Details See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312 PoC Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated Impact Denial of servi...