CVE-2021-26911

Name of the Vulnerable Software and Affected Versions: Canary Mail versions prior to 3.22

Description: The issue is related to missing SSL certificate validation for IMAP in STARTTLS mode. This affects the core/imap/MCIMAPSession.cpp file in Canary Mail.

Recommendations: For versions prior to 3.22, update to version 3.22 or later to resolve the issue. As a temporary workaround, consider disabling the use of STARTTLS mode for IMAP connections until a patch is available. Restrict access to IMAP services to minimize the risk of exploitation. Avoid using IMAP with STARTTLS mode in the affected versions until the issue is resolved.