MEDIUM
jstedfast
CVE published 2026-04-24
CVE-2026-41319
CVE-2026-41319 is a STARTTLS response-injection issue in MailKit versions prior to 4.16.0. A man-in-the-middle can place attacker-controlled protocol responses into the plaintext phase, and those bytes may be treated as trusted after the connection upgrades to TLS. The practical result is authentication integrity loss, including the ability to downgrade SASL mechanism selection (for example, steering a cl [truncated]
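The buffering flaw described above, as an added Python illustration that is not MailKit's code or its actual fix. The `LineReader` class, the function names and the SMTP-style sample bytes are all assumptions constructed for this example; it contrasts a client that carries its plaintext read buffer across the TLS upgrade with one that refuses to.

```python
# Added illustration with hypothetical names; this is not MailKit code.
class LineReader:
    """Per-connection buffered line reader, as a mail client typically keeps."""

    def __init__(self):
        self.buf = b""

    def feed(self, data):
        self.buf += data

    def read_line(self):
        line, sep, rest = self.buf.partition(b"\r\n")
        if not sep:
            raise BlockingIOError("no complete line buffered")
        self.buf = rest
        return line


def upgrade_unsafe(reader):
    """Vulnerable pattern: the pre-TLS buffer survives the upgrade."""
    reader.read_line()      # consume the STARTTLS reply
    return reader           # leftover plaintext bytes stay queued


def upgrade_checked(reader):
    """Hardened pattern: extra bytes after the STARTTLS reply abort the upgrade."""
    reader.read_line()
    if reader.buf:
        raise ConnectionError("unexpected plaintext data after STARTTLS reply")
    return LineReader()     # fresh buffer for data read through TLS


# Constructed sample: one plaintext segment holding the STARTTLS reply plus
# extra lines that did not come from the server's TLS session.
TAMPERED = b"220 Ready to start TLS\r\n250-mx.example\r\n250 AUTH PLAIN\r\n"
CLEAN = b"220 Ready to start TLS\r\n"
# Constructed sample: the capability reply actually received over TLS.
OVER_TLS = b"250-mx.example\r\n250 AUTH SCRAM-SHA-256\r\n"


def post_tls_capabilities(upgrade, segment):
    """Return the two lines the client parses as the post-TLS capability reply."""
    reader = LineReader()
    reader.feed(segment)
    reader = upgrade(reader)
    reader.feed(OVER_TLS)   # stands in for bytes decrypted from the TLS stream
    return [reader.read_line(), reader.read_line()]
```

With the unsafe upgrade the client parses the plaintext-phase lines as if they had arrived over TLS, so the mechanism list it acts on is not the one the server sent; the checked upgrade fails closed instead.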