CVE-2026-41319

Name of the Vulnerable Software and Affected Versions MailKit versions prior to 4.16.0

Description A STARTTLS Response Injection issue allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary. This can enable a SASL authentication mechanism downgrade, such as forcing the use of PLAIN instead of SCRAM-SHA-256. The issue occurs because the internal read buffer in SmtpStream, ImapStream, and Pop3Stream is not flushed when the underlying stream is replaced with SslStream during a STARTTLS upgrade, leading to pre-TLS attacker-injected data being processed as trusted post-TLS responses.

Recommendations Update to version 4.16.0.