RCE in Ruby Net-imap
CVE-2026-47240
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injecti…
Vulnerability class: Command Injection (OS Command Injection)
Affected products
- Ruby Net-imap — versions >= 0.6.0, < 0.6.4.1, < 0.5.15
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)