VDB
CISA-2025-15366
CISA-2025-15366
PUBLISHED
CVSS 5.9 MEDIUM
Reported by PSF · Published January 20, 2026
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Risk Scores
CVSS 4.0
5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python Software Foundation | CPython | 0 |
| Python Software Foundation | CPython | 0, 0 |
Timeline
- Jan 20, 2026 CVE Published
- Feb 26, 2026 CVE Updated