CVE-2026-42865

EPSS 0.23%
Veröffentlicht 11.05.2026 18:16:36
Zuletzt bearbeitet 21.05.2026 18:03:57
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Inbox Zero: Cross-account cleaner email stream exposure

Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This vulnerability is fixed in 2.29.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getinboxzero ≫ Inbox Zero Version < 2.29.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.133

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	2.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/elie222/inbox-zero/commit/02341923b5460ce9630c4681a9b6461ba466688a

Patch

https://github.com/elie222/inbox-zero/security/advisories/GHSA-f3gp-v7cj-2569

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-42865

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-42865

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-42865

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-42865