Skip to main content

Mailkit

1 CVEs product

Monthly

CVE-2026-41319 NuGet MEDIUM PATCH This Month

STARTTLS response injection in MailKit prior to version 4.16.0 allows man-in-the-middle attackers to downgrade SASL authentication mechanisms by injecting malicious protocol responses before TLS negotiation completes. The vulnerability stems from failure to flush the internal read buffer when upgrading from plaintext to encrypted connections, enabling attackers to force weaker authentication (e.g., PLAIN instead of SCRAM-SHA-256) on affected SMTP, IMAP, and POP3 connections. User interaction is required (establishing a mail connection through the client), and exploitation requires network position to intercept and modify STARTTLS exchanges. Vendor-released patch version 4.16.0 addresses the issue.

Code Injection Mailkit
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

STARTTLS response injection in MailKit prior to version 4.16.0 allows man-in-the-middle attackers to downgrade SASL authentication mechanisms by injecting malicious protocol responses before TLS negotiation completes. The vulnerability stems from failure to flush the internal read buffer when upgrading from plaintext to encrypted connections, enabling attackers to force weaker authentication (e.g., PLAIN instead of SCRAM-SHA-256) on affected SMTP, IMAP, and POP3 connections. User interaction is required (establishing a mail connection through the client), and exploitation requires network position to intercept and modify STARTTLS exchanges. Vendor-released patch version 4.16.0 addresses the issue.

Code Injection Mailkit
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy