CVE-2026-1299
Lifecycle Timeline
2DescriptionCVE.org
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
AnalysisAI
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
Technical ContextAI
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".
Affected ProductsAI
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowi
RemediationAI
Monitor vendor advisories for a patch.
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today