6 matches found
CVE-2026-41319
MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...
CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...
CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...
CVE-2026-41319
MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...
GHSA-9J88-VVJ5-VHGR MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
Summary A STARTTLS Response Injection vulnerability in MailKit allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade e.g., forcing PLAIN instead of SCRAM-SHA-256. The internal read...
PT-2026-34845
Name of the Vulnerable Software and Affected Versions MailKit versions prior to 4.16.0 Description A STARTTLS Response Injection issue allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary. This can enable a SASL authentication...