8 matches found
CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery
MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...
CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery
MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...
CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery
MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...
GHSA-G7HC-96XR-GVVX MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery
Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...
MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery
Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...
PT-2026-23616
Name of the Vulnerable Software and Affected Versions MimeKit versions prior to 4.15.1 MailKit versions prior to 4.15.1 Description A CRLF injection flaw exists in MimeKit and MailKit when handling SMTP envelope addresses. Specifically, when the local-part of an address is a quoted-string, the...
GHSA-MM7P-FCC7-PG87 Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
The email parsing library incorrectly handles quoted local-parts containing @. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target. Payload: "[email protected] x"@internal.domain Using the following code to...
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
The email parsing library incorrectly handles quoted local-parts containing @. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target. Payload: "[email protected] x"@internal.domain Using the following code to...