High7.4Red Hat & Ubuntu Linux
Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS
CVE-2026-42246 Published May 9, 2026
CVE-2026-42246
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS. Red Hat rates this important (CVSS 7.4). Weakness: CWE-325. Affected package(s): ruby, ruby4, ruby4.0, ruby:3.3, ruby3, ruby:2.5. Resolved in Red Hat advisory RHSA-2026:33514 — update the affected packages (`sudo dnf update`).
Affected versions
- ruby-0:3.0.7-162.el9_4.3
- ruby4-0-main-4.0.0-33.4.hum1
- ruby-0:3.0.7-167.el9_8
- ruby4.0-0:4.0.3-35.el10_2
- ruby:3.3-8100020260615131010.489197e6
- ruby-0:3.0.4-161.el9_2.3
- ruby-0:3.3.10-13.el10_2
- ruby-0:3.0.7-165.el9_6.1
- ruby3-3-main-3.3.10-23.2.hum1
- ruby3-4-main-3.4.8-31.2.hum1
- ruby:3.3-9080020260615131001.9
- ruby:2.5-8080020260625114827.63b34585
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Fixed versions
- RHSA-2026:33514
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Update the affected package(s) to the fixed version shipped in RHSA-2026:33514 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.