CVE-2025-15366

Published: Jan 20, 2026

Modified: Feb 26, 2026

PUBLISHED

Description

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.15.0a6`

Weaknesses (CWE)

CWE-77

References

https://github.com/python/cpython/issues/143921

issue-tracking

https://github.com/python/cpython/pull/143922

patch

https://mail.python.org/archives/list/[email protected]/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/

vendor-advisory

https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b45

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-15366

Description

Affected Products

Weaknesses (CWE)

References