CVE-2026-42246

Description

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.

EPSS — Exploit Prediction

0.0002

Probability of exploitation

0.04%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-392 CWE-392

CWE-393 CWE-393

CWE-636 CWE-636

CWE-754 CWE-754

CWE-841 CWE-841

References

Other References

https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618 https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da https://github.com/ruby/net-imap/releases/tag/v0.3.10 https://github.com/ruby/net-imap/releases/tag/v0.4.24 https://github.com/ruby/net-imap/releases/tag/v0.5.14 https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp

Frequently Asked Questions

What is CVE-2026-42246? +

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.

How do I check if I'm vulnerable to CVE-2026-42246? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-32743 9.0

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the …

CVE-2024-39697 8.6

phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic …

CVE-2025-23270 7.1

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive …

CVE-2024-12797 6.3

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server …

CVE-2025-26268 3.3

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. …

CVE-2025-59398 3.1

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 …