FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines

Affected packages
0 <= python310
0 <= python311
0 <= python312
0 <= python313
0 <= python313t
0 <= python314

Details

VuXML ID 0be929a5-2e0f-11f1-88c7-00a098b42aeb
Discovery 2026-01-20
Entry 2026-04-01
Modified 2026-04-04

Python Software Foundation Security Developer reports:

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

[source]

References

CVE Name CVE-2025-15366
URL https://cveawg.mitre.org/api/cve/CVE-2025-15366

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.