PT-2026-39715 · Unknown · Inbox-Zero

Elie222

·

Published

2026-05-11

·

Updated

2026-05-21

·

CVE-2026-42865

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Inbox Zero versions prior to 2.29.3
Description The cleaner email stream endpoint used a shared Redis subscription listener. This configuration could result in thread events for one authenticated account being delivered to another authenticated account when both were using the cleaner feature simultaneously.
Recommendations Update to version 2.29.3.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-42865
GHSA-F3GP-V7CJ-2569

Affected Products

Inbox-Zero