PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-15366 Python Software Foundation CVE debrief

The imaplib module in Python is vulnerable to injection attacks when passed user-controlled commands containing newlines. This CVE was published on 2026-01-20T22:15:51.023Z and last modified on 2026-07-07T18:16:33.170Z. The vulnerability has a CVSS score of 5.9 and is classified as MEDIUM severity. Users of Python's imaplib module should assess their exposure and apply mitigations to reject commands with control characters. The vulnerability allows for command injection via newlines in user-controlled commands, which can lead to unauthorized actions.

Vendor
Python Software Foundation
Product
CPython
CVSS
MEDIUM 5.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-20
Original CVE updated
2026-07-07
Advisory published
2026-01-20
Advisory updated
2026-07-07

Who should care

Users of Python's imaplib module, particularly those who handle user-controlled commands, should assess their exposure and apply mitigations to reject commands with control characters. This includes reviewing the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The imaplib module, when handling user-controlled commands, is susceptible to injection of additional commands via newlines. This vulnerability has a CVSS score of 5.9 and is classified as MEDIUM severity. The CVE record was published on 2026-01-20T22:15:51.023Z and last modified on 2026-07-07T18:16:33.170Z. Affected users should assess their exposure and implement mitigations to reject commands containing control characters.

Defensive priority

Medium priority due to the potential for command injection. Users should prioritize assessing their exposure and implementing mitigations.

Recommended defensive actions

  • Inventory Python applications using the imaplib module.
  • Assess exposure to user-controlled imaplib commands.
  • Implement mitigations to reject commands containing control characters.
  • Monitor for suspicious imaplib activity.
  • Apply vendor patches or updates when available.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The evidence for this CVE is based on the CVE record and NVD details. The CVE was published on 2026-01-20T22:15:51.023Z and last modified on 2026-07-07T18:16:33.170Z. The NVD entry is currently Deferred. Further verification is recommended to assess the impact on specific deployments and to confirm affected scope.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-20T22:15:51.023Z and has not been modified since then. The NVD entry is currently Deferred.