{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2469", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2026-02-13T14:30:50.548Z", "datePublished": "2026-02-14T05:00:05.646Z", "dateUpdated": "2026-02-17T20:01:40.343Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P"}, "cvssV4_0": {"version": "4.0", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P"}}], "credits": [{"value": "Wan Amirul Hakim Wan Yuhainis", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-02-14T05:00:05.646Z"}, "descriptions": [{"value": "Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands. This allows attackers to read or delete victim's emails, terminate the victim's session or execute any valid IMAP command on victim's mailbox by including quote characters \" or CRLF sequences \\r\\n in the input.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-PHP-DIRECTORYTREEIMAPENGINE-15274300"}, {"url": "https://github.com/DirectoryTree/ImapEngine/pull/150"}, {"url": "https://github.com/DirectoryTree/ImapEngine/commit/87fca56affd9527e6907a705e6d600c5174d9a5a"}, {"url": "https://gist.github.com/wanamirulhakim/74b41589cdea3c07c3375e5946960778"}], "affected": [{"product": "directorytree/imapengine", "versions": [{"version": "0", "lessThan": "1.22.3", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T20:01:32.912561Z", "id": "CVE-2026-2469", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T20:01:40.343Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2469", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-17T20:01:32.912561Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T20:01:36.416Z"}}], "cna": {"credits": [{"lang": "en", "value": "Wan Amirul Hakim Wan Yuhainis"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "confidentialityImpact": "LOW"}, "cvssV4_0": {"version": "4.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P", "exploitMaturity": "PROOF_OF_CONCEPT", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "n/a", "product": "directorytree/imapengine", "versions": [{"status": "affected", "version": "0", "lessThan": "1.22.3", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-PHP-DIRECTORYTREEIMAPENGINE-15274300"}, {"url": "https://github.com/DirectoryTree/ImapEngine/pull/150"}, {"url": "https://github.com/DirectoryTree/ImapEngine/commit/87fca56affd9527e6907a705e6d600c5174d9a5a"}, {"url": "https://gist.github.com/wanamirulhakim/74b41589cdea3c07c3375e5946960778"}], "descriptions": [{"lang": "en", "value": "Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands. This allows attackers to read or delete victim's emails, terminate the victim's session or execute any valid IMAP command on victim's mailbox by including quote characters \" or CRLF sequences \\r\\n in the input."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-74", "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2026-02-14T05:00:05.646Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2469", "state": "PUBLISHED", "dateUpdated": "2026-02-17T20:01:40.343Z", "dateReserved": "2026-02-13T14:30:50.548Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2026-02-14T05:00:05.646Z", "assignerShortName": "snyk"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands. This allows attackers to read or delete victim's emails, terminate the victim's session or execute any valid IMAP command on victim's mailbox by including quote characters \" or CRLF sequences \\r\\n in the input."}, {"lang": "es", "value": "Versiones del paquete directorytree/imapengine anteriores a la 1.22.3 son vulnerables a la Neutralizaci\u00f3n Incorrecta de Elementos Especiales en la Salida Utilizada por un Componente Descendente ('Inyecci\u00f3n') a trav\u00e9s de la funci\u00f3n id() en ImapConnection.PHP debido al escape incorrecto de la entrada del usuario antes de incluirla en los comandos IMAP ID. Esto permite a los atacantes leer o eliminar los correos electr\u00f3nicos de la v\u00edctima, terminar la sesi\u00f3n de la v\u00edctima o ejecutar cualquier comando IMAP v\u00e1lido en el buz\u00f3n de la v\u00edctima al incluir caracteres de comillas \" o secuencias CRLF \\r\\n en la entrada."}], "id": "CVE-2026-2469", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "report@snyk.io", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2026-02-14T05:16:22.270", "references": [{"source": "report@snyk.io", "url": "https://gist.github.com/wanamirulhakim/74b41589cdea3c07c3375e5946960778"}, {"source": "report@snyk.io", "url": "https://github.com/DirectoryTree/ImapEngine/commit/87fca56affd9527e6907a705e6d600c5174d9a5a"}, {"source": "report@snyk.io", "url": "https://github.com/DirectoryTree/ImapEngine/pull/150"}, {"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-PHP-DIRECTORYTREEIMAPENGINE-15274300"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "report@snyk.io", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.22.3)"}}], "product": "imapengine", "vendor": "directorytree"}], "analysis": {"en": {"generated_at": "2026-04-17T19:46:08.754525+00:00", "value": {"mitigation_remediation": ["Upgrade ImapEngine to version 1.22.3 or later to remove the injection flaw.", "If an upgrade cannot be performed immediately, sanitize all data supplied to the id() function by escaping quotation marks and CRLF sequences before constructing the IMAP ID command, thereby mitigating CWE\u201174.", "Implement least\u2011privilege controls for ImapEngine and monitor IMAP logs for anomalous ID command activity to detect potential exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Command Injection"}, "threat_synthesis": {"affected_systems": "The vulnerable product is DirectoryTree\u2019s ImapEngine. All releases before 1.22.3 are affected. No other major versions are listed as impacted.", "description_and_impact": "ImapEngine versions prior to 1.22.3 embed user supplied data directly into IMAP ID commands without proper escaping. This flaw, classified as CWE-74, allows an attacker to inject quote characters or CRLF sequences into the command string. By exploiting this, an attacker can read or delete mailbox contents, terminate a victim\u2019s IMAP session, or execute any valid IMAP command on the victim\u2019s mailbox, resulting in unauthorized data exposure, loss, or modification.", "risk_and_exploitability": "The CVSS score of 7.2 indicates moderate severity, while an EPSS score of less than 1\u202f% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a specially crafted IMAP ID command, which implies that a user session or an automated IMAP client can act as the attack vector. Based on the description, the likely attack path involves feeding unsanitized input into the id() function from a downstream IMAP component."}}}}, "created": "2026-02-17T08:50:04.629275+00:00", "updated": "2026-04-17T20:00:08.998866+00:00", "vendors": ["directorytree", "directorytree$PRODUCT$imapengine"]}