LOW
elie222
CVE published 2026-05-11
CVE-2026-42865
CVE-2026-42865 is a low-severity information exposure issue in Inbox Zero’s cleaner email stream endpoint. According to the vendor advisory and NVD, versions before 2.29.3 used a shared Redis subscription listener that could deliver thread events from one authenticated account to another authenticated account when the cleaner feature was used at the same time. The issue was fixed in 2.29.3.