PT-2026-3652 · Email+3 · Email+3

Denis Ledoux

+1

·

Published

2026-01-15

·

Updated

2026-05-05

·

CVE-2025-11468

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions Versions prior to 2025-11468
Description A flaw exists where parenthesis are not preserved when folding a long comment in an email header containing exclusively unfoldable characters. This can allow for the injection of headers into email messages when addresses are user-controlled and not properly sanitized.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

CWE-93

Related Identifiers

AZL-75035
AZL-75047
BDU:2026-06436
BIT-LIBPYTHON-2025-11468
BIT-PYTHON-2025-11468
BIT-PYTHON-MIN-2025-11468
CVE-2025-11468
ECHO-246D-6BD6-6778
OESA-2026-1458
OESA-2026-1459
OESA-2026-1460
OESA-2026-1461
OPENSUSE-SU-2026:10117-1
OPENSUSE-SU-2026:10126-1
OPENSUSE-SU-2026:10200-1
OPENSUSE-SU-2026:10221-1
OPENSUSE-SU-2026:10222-1
OPENSUSE-SU-2026:10223-1
OPENSUSE-SU-2026:20254-1
PSF-2026-1
RHSA-2026:7443
RHSA-2026:7661
RHSA-2026:8822
RHSA-2026:8824
SUSE-SU-2026:0612-1
SUSE-SU-2026:0613-1
SUSE-SU-2026:0642-1
SUSE-SU-2026:0643-1
SUSE-SU-2026:0644-1
SUSE-SU-2026:0645-1
SUSE-SU-2026:0664-1
SUSE-SU-2026:0693-1
SUSE-SU-2026:0767-1
SUSE-SU-2026:1062-1
SUSE-SU-2026:1107-1
SUSE-SU-2026:1117-1
SUSE-SU-2026:1349-1
SUSE-SU-2026:20543-1
SUSE-SU-2026:20581-1
SUSE-SU-2026:20665-1
SUSE-SU-2026:20710-1
SUSE-SU-2026:20768-1
SUSE-SU-2026:20796-1
USN-8018-1

Affected Products

Email
Linuxmint
Red Os
Ubuntu