← back
CVE-2021-26911

CVE-2021-26911

EPSS 1.1%
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://apps.apple.com/us/app/canary-mail/id1236045954https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls/https://census-labs.com/news/category/advisories/https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018https://www.openwall.com/lists/oss-security/2021/02/17/3http://www.openwall.com/lists/oss-security/2021/02/17/3