Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.6 views

CVE-2026-41319

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS5.8AI score0.00223EPSS
Exploits1References1
NVD
NVD
added 2026/04/24 4:16 a.m.4 views

CVE-2026-41319

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS0.00223EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 3:7 a.m.6 views

CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS5.8AI score0.00223EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/24 3:7 a.m.35 views

CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS0.00223EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 3:7 a.m.30 views

CVE-2026-41319

Summary (CVE-2026-41319) MailKit (MimeKit-based) exposes a STARTTLS vulnerability where the internal read buffers of SmtpStream, ImapStream, and Pop3Stream are not flushed when upgrading to TLS with SslStream. This allows pre-TLS attacker-injected data to be treated as post-TLS, enabling a MITM-b...

6.5CVSS6AI score0.00223EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 3:7 a.m.6 views

CVE-2026-41319

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS6AI score0.00223EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.13 views

MailKit 注入漏洞

MailKit is a cross-platform email client library developed by Jeffrey Stedfast. Versions of MailKit prior to 4.16.0 had an injection vulnerability. This vulnerability stemmed from STARTTLS response injection, which allowed man-in-the-middle attackers to inject arbitrary protocol responses, thereb...

6.5CVSS5.9AI score0.00223EPSS
Exploits1References2
OSV
OSV
added 2026/04/18 1:13 a.m.7 views

GHSA-9J88-VVJ5-VHGR MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

Summary A STARTTLS Response Injection vulnerability in MailKit allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade e.g., forcing PLAIN instead of SCRAM-SHA-256. The internal read...

6.5CVSS5.9AI score0.00223EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/18 1:13 a.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the internal stream buffers SmtpStream, ImapStream, and Pop3Stream not being flushed during the STARTTLS upgrade process. An attacker c...

7.1CVSS5.8AI score0.00223EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.24 views

PT-2026-34845

Name of the Vulnerable Software and Affected Versions MailKit versions prior to 4.16.0 Description A STARTTLS Response Injection issue allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary. This can enable a SASL authentication...

6.5CVSS6AI score0.00223EPSS
Exploits1References6
Circl
Circl
added 2026/04/17 9:22 p.m.9 views

CVE-2026-41319

creationtimestamp| type| source ---|---|--- 2026-04-17 21:22:57+00:00| published-proof-of-concept| https://github.com/jstedfast/MailKit/security/advisories/GHSA-9j88-vvj5-vhgr...

6.5CVSS5.8AI score0.00223EPSS
Exploits1References1
Rows per page
Query Builder