IMAP command injection in user-controlled commands
Summary
IMAP command injection in user-controlled commands. Red Hat rates this moderate (CVSS 7.1). Weakness: CWE-77. Affected package(s): discovery/discovery-server-rhel9:1775668717, python3, python3.11, python3.12, rhui5/rhua-rhel9:1773670137, rhaiis/vllm-rocm-rhel9:1775680262. Resolved in Red Hat advisory RHSA-2026:5606 — update the affected packages (`sudo dnf update`).
- discovery/discovery-server-rhel9:1775668717
- python3-12-main-3.12.13-3.hum1
- python3-0:3.6.8-47.el8_6.11
- python3-0:3.6.8-39.el8_4.9
- python3.11-0:3.11.2-2.el8_8.8
- python3.12-0:3.12.12-4.el9_7.1
- rhui5/rhua-rhel9:1773670137
- python3.11-0:3.11.13-5.1.el9_7
- rhaiis/vllm-rocm-rhel9:1775680262
- python3-0:3.6.8-24.el8_2.6
- python3.9-0:3.9.21-2.el9_6.4
- python3.12-0:3.12.9-1.el9_6.6
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
- RHSA-2026:5606
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:5606 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.