CVE-2026-30227
MimeKit prior to 4.15.1 contains a CRLF injection vulnerability in the SMTP envelope local-part when it is a quoted-string, allowing injection of \r\n into mailbox addresses via MailboxAddress . This can lead to SMTP command injection (e.g., extra RCPT TO/DATA/RSET) and potentially header injecti...