Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/03/06 9:7 p.m.3 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9CVSS5.7AI score0.01085EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/06 9:7 p.m.26 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9CVSS0.01085EPSS
Exploits1References1
OSV
OSV
added 2026/03/06 9:7 p.m.8 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9CVSS5.7AI score0.01085EPSS
Exploits1References3
OSV
OSV
added 2026/03/05 9:50 p.m.26 views

GHSA-G7HC-96XR-GVVX MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery

Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...

6.9CVSS6AI score0.01085EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/05 9:50 p.m.34 views

MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery

Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...

6.9CVSS6AI score0.01085EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.9 views

PT-2026-23616

Name of the Vulnerable Software and Affected Versions MimeKit versions prior to 4.15.1 MailKit versions prior to 4.15.1 Description A CRLF injection flaw exists in MimeKit and MailKit when handling SMTP envelope addresses. Specifically, when the local-part of an address is a quoted-string, the...

6.9CVSS5.8AI score0.01085EPSS
Exploits1References6
OSV
OSV
added 2025/10/07 1:42 p.m.4 views

GHSA-MM7P-FCC7-PG87 Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

The email parsing library incorrectly handles quoted local-parts containing @. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target. Payload: "[email protected] x"@internal.domain Using the following code to...

6.9CVSS5.8AI score0.00509EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/07 1:42 p.m.26 views

Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

The email parsing library incorrectly handles quoted local-parts containing @. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target. Payload: "[email protected] x"@internal.domain Using the following code to...

7.5CVSS7.1AI score0.00509EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder