Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
6DescriptionGitHub Advisory
MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade (e.g., forcing PLAIN instead of SCRAM-SHA-256). The internal read buffer in SmtpStream, ImapStream, and Pop3Stream is not flushed when the underlying stream is replaced with SslStream during STARTTLS upgrade, causing pre-TLS attacker-injected data to be processed as trusted post-TLS responses. Version 4.16.0 patches the issue.
AnalysisAI
STARTTLS response injection in MailKit prior to version 4.16.0 allows man-in-the-middle attackers to downgrade SASL authentication mechanisms by injecting malicious protocol responses before TLS negotiation completes. The vulnerability stems from failure to flush the internal read buffer when upgrading from plaintext to encrypted connections, enabling attackers to force weaker authentication (e.g., PLAIN instead of SCRAM-SHA-256) on affected SMTP, IMAP, and POP3 connections. User interaction is required (establishing a mail connection through the client), and exploitation requires network position to intercept and modify STARTTLS exchanges. Vendor-released patch version 4.16.0 addresses the issue.
Technical ContextAI
MailKit is a .NET mail client library providing SMTP, IMAP, and POP3 protocol implementations. The vulnerability affects the protocol stream classes (SmtpStream, ImapStream, Pop3Stream) which maintain internal read buffers to parse server responses. During STARTTLS negotiation, these streams replace the underlying network stream with an SslStream to establish TLS encryption. The flaw occurs because data already buffered from the plaintext phase is not discarded before TLS wraps the connection. This violates the trust boundary assumption that post-STARTTLS responses originate from the authenticated server: an attacker positioned on the network can inject SASL capability advertisements or authentication challenge responses into the buffer before STARTTLS completes. When the application consumes buffered data after TLS activation, it treats attacker-controlled content as server-authenticated responses, enabling mechanism downgrade attacks. The root cause is improper state management during protocol upgrade (CWE-74: Improper Neutralization of Special Elements in Output).
RemediationAI
Upgrade MailKit to version 4.16.0 or later immediately. This is the primary and complete fix; the patch flushes the internal read buffer when transitioning from plaintext to TLS, eliminating the response injection window. Organizations unable to upgrade immediately should implement network-level mitigations: enforce HTTPS/TLS proxies for mail traffic, disable STARTTLS and require implicit TLS (port 465/993/995) instead, or restrict mail client usage to authenticated corporate networks with traffic inspection. These workarounds trade convenience (STARTTLS auto-upgrade) for security. The patch carries no known regressions and should be deployed as soon as possible, particularly for production mail systems handling sensitive authentication.
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25388