IMAP Command Execution Issue in Ruby's Net::IMAP Component
CVE-2026-47241

2.1LOW

Key Information:

Vendor: Ruby
Status: Net-imap
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-47241?

The Ruby Net::IMAP component has a vulnerability where certain commands can accept raw string arguments that are only partially validated. As a result, if an attacker manipulates user-controlled input, they can exploit this flaw to execute additional commands. This leads to failure in the initial command and prevents it from returning until a subsequent command is processed. The vulnerability is mitigated in versions 0.6.5 and 0.5.15, which enhance input validation.

Affected Version(s)

net-imap >= 0.6.0, < 0.6.4.1 < 0.6.0, 0.6.4.1

net-imap < 0.5.15 < 0.5.15

References

https://github.com/ruby/net-imap/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-47241 Data

JSON