Lucene search
K

6 matches found

NVD
NVD
added 2026/04/24 4:16 a.m.3 views

CVE-2026-41319

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS0.00223EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/24 3:7 a.m.33 views

CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS0.00223EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 3:7 a.m.6 views

CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS5.8AI score0.00223EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:7 a.m.6 views

CVE-2026-41319

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS6AI score0.00223EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/18 1:13 a.m.7 views

GHSA-9J88-VVJ5-VHGR MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

Summary A STARTTLS Response Injection vulnerability in MailKit allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade e.g., forcing PLAIN instead of SCRAM-SHA-256. The internal read...

6.5CVSS5.9AI score0.00223EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.20 views

PT-2026-34845

Name of the Vulnerable Software and Affected Versions MailKit versions prior to 4.16.0 Description A STARTTLS Response Injection issue allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary. This can enable a SASL authentication...

6.5CVSS6AI score0.00223EPSS
Exploits1References6
Rows per page
Query Builder