CVE-2021-26911
HIGH
Canary Mail < 3.22 - Missing SSL Certificate Validation for IMAP in STARTTLS Mode
Title source: llm
Description
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
References (6)
Core References
Product, Third Party Advisory x_refsource_misc
https://apps.apple.com/us/app/canary-mail/id1236045954
Third Party Advisory x_refsource_misc
https://census-labs.com/news/category/advisories/
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/02/17/3
Exploit, Third Party Advisory x_refsource_misc
https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/
Patch, Third Party Advisory x_refsource_confirm
https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/02/17/3
Scores
CVSS v3: 7.4
EPSS: 0.0109
EPSS Percentile: 61.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE: CWE-295
Status: published
Products (3)
canarymail/canary_mail 3.20
canarymail/canary_mail 3.21
libmailcore/mailcore2 0.6.4
Published: Feb 17, 2021
Tracked Since: Feb 18, 2026