QwikSec

Security Database

CVE

CWE

Training

CVE-2026-42865

Published: May 11, 2026

Modified: May 11, 2026

PUBLISHED

Description

Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This vulnerability is fixed in 2.29.3.

Vendor	Product	Versions
elie222	inbox-zero	affected `< 2.29.3`

Weaknesses (CWE)

References

https://github.com/elie222/inbox-zero/security/advisories/GHSA-f3gp-v7cj-2569

x_refsource_CONFIRM

https://github.com/elie222/inbox-zero/commit/02341923b5460ce9630c4681a9b6461ba466688a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.