High7.1Red Hat & Ubuntu Linux
Net::IMAP: IMAP Command Injection via Symbol Arguments
CVE-2026-42258 Published May 9, 2026
CVE-2026-42258
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Net::IMAP: IMAP Command Injection via Symbol Arguments. Red Hat rates this important (CVSS 7.1). Weakness: CWE-93. Affected package(s): ruby, ruby4.0, ruby:3.3, ruby:2.5, ruby:4.0. Resolved in Red Hat advisory RHSA-2026:33514 — update the affected packages (`sudo dnf update`).
Affected versions
- ruby-0:3.0.7-162.el9_4.3
- ruby-0:3.0.7-167.el9_8
- ruby4.0-0:4.0.3-35.el10_2
- ruby:3.3-8100020260615131010.489197e6
- ruby-0:3.0.4-161.el9_2.3
- ruby-0:3.3.10-13.el10_2
- ruby-0:3.0.7-165.el9_6.1
- ruby:3.3-9080020260615131001.9
- ruby:2.5-8080020260625114827.63b34585
- ruby:2.5-8040020260630124058.522a0ee4
- ruby:4.0-9080020260619130154.9
- ruby:2.5-8100020260615131019.489197e6
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- RHSA-2026:33514
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Update the affected package(s) to the fixed version shipped in RHSA-2026:33514 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.