CVE Vulnerabilities

CVE-2026-42246

Missing Report of Error Condition

Published: May 09, 2026 | Modified: Jul 07, 2026
CVSS 3.x
7.4
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
7.4 IMPORTANT
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return successfully, without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.

Weakness

The product encounters an error but does not provide a status code or return value to indicate that an error has occurred.

Affected Software

NameVendorStart VersionEnd Version
Net::imapRuby-lang*0.3.10 (excluding)
Net::imapRuby-lang0.4.0 (including)0.4.24 (excluding)
Net::imapRuby-lang0.5.0 (including)0.5.14 (excluding)
Net::imapRuby-lang0.6.0 (including)0.6.4 (excluding)
Red Hat Enterprise Linux 10RedHatruby4.0-0:4.0.3-35.el10_2*
Red Hat Enterprise Linux 10RedHatruby-0:3.3.10-13.el10_2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatruby-0:3.3.10-11.el10_0.2*
Red Hat Enterprise Linux 8RedHatruby:2.5-8100020260615131019.489197e6*
Red Hat Enterprise Linux 8RedHatruby:3.3-8100020260615131010.489197e6*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatruby:2.5-8040020260630124058.522a0ee4*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatruby:2.5-8040020260630124058.522a0ee4*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatruby:2.5-8060020260630123825.ad008a3a*
Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRedHatruby:2.5-8060020260630123825.ad008a3a*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatruby:2.5-8080020260625114827.63b34585*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatruby:2.5-8080020260625114827.63b34585*
Red Hat Enterprise Linux 9RedHatruby-0:3.0.7-167.el9_8*
Red Hat Enterprise Linux 9RedHatruby:3.3-9080020260615131001.9*
Red Hat Enterprise Linux 9RedHatruby:4.0-9080020260619130154.9*
Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRedHatruby-0:3.0.4-161.el9_2.3*
Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRedHatruby-0:3.0.7-162.el9_4.3*
Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRedHatruby:3.3-9040020260630065449.9*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatruby-0:3.0.7-165.el9_6.1*
Red Hat Hardened ImagesRedHatruby4-0-main-4.0.0-33.4.hum1*
Red Hat Hardened ImagesRedHatruby3-4-main-3.4.8-31.2.hum1*
Red Hat Hardened ImagesRedHatruby3-3-main-3.3.10-23.2.hum1*
JrubyUbuntuesm-apps-legacy/xenial*
JrubyUbuntuesm-apps/bionic*
JrubyUbuntuesm-apps/focal*
JrubyUbuntuesm-apps/noble*
JrubyUbuntuesm-apps/resolute*
JrubyUbuntuesm-apps/xenial*
JrubyUbuntuesm-infra-legacy/trusty*
JrubyUbuntunoble*
JrubyUbuntuquesting*
JrubyUbunturesolute*
Ruby2.3Ubuntuesm-infra-legacy/xenial*
Ruby2.3Ubuntuesm-infra/xenial*
Ruby2.5Ubuntuesm-infra/bionic*
Ruby2.7Ubuntuesm-infra/focal*
Ruby3.0Ubuntujammy*
Ruby3.2Ubuntunoble*
Ruby3.3Ubuntuquesting*
Ruby3.3Ubunturesolute*

References