MEDIUM
OfflineIMAP
CVE published 2026-06-08
CVE-2020-37248
CVE-2020-37248 is a MEDIUM severity vulnerability in OfflineIMAP that allows STRIPTLS/man-in-the-middle attacks, enabling attackers to extract account credentials in cleartext. The vulnerability occurs because OfflineIMAP trusts the server's advertised STARTTLS capability before authentication, so the decision to upgrade to TLS rests on an unauthenticated, unencrypted response. This issue was patched in version 8.0.3.
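The difference between trusting the pre-authentication capability list and requiring TLS can be shown with a short added example. It is not OfflineIMAP's code or its patch; the function names, the `require_tls` parameter and the sample server responses are assumptions constructed for illustration.

```python
import re

class TLSRequiredError(Exception):
    """TLS was required but the pre-TLS capability list did not offer STARTTLS."""

def parse_capabilities(line: bytes) -> set:
    """Extract capability tokens from '* CAPABILITY ...' or '[CAPABILITY ...]'."""
    m = re.search(rb"CAPABILITY ([^\]\r\n]*)", line, re.IGNORECASE)
    if not m:
        return set()
    return {t.decode("ascii", "replace").upper() for t in m.group(1).split()}

def plan_opportunistic(caps: set) -> list:
    """Weak pattern: upgrade only if the unauthenticated server says it can."""
    if "STARTTLS" in caps:
        return ["STARTTLS", "CAPABILITY", "LOGIN"]
    return ["LOGIN"]  # credentials go out in cleartext

def plan_strict(caps: set, require_tls: bool = True) -> list:
    """Hardened pattern: a missing STARTTLS is a hard failure, never a fallback."""
    if "STARTTLS" in caps:
        # Re-query capabilities inside the tunnel; the pre-TLS list is untrusted.
        return ["STARTTLS", "CAPABILITY", "LOGIN"]
    if require_tls:
        raise TLSRequiredError("server did not advertise STARTTLS; refusing to log in")
    return ["LOGIN"]

# Constructed sample responses (not captured traffic).
GENUINE = b"* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n"
STRIPPED = b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"  # STARTTLS removed in transit

def demo() -> dict:
    """Return the command sequence each policy would follow for each response."""
    out = {}
    for name, raw in (("genuine", GENUINE), ("stripped", STRIPPED)):
        caps = parse_capabilities(raw)
        try:
            strict = plan_strict(caps)
        except TLSRequiredError as exc:
            strict = "abort: " + str(exc)
        out[name] = {"opportunistic": plan_opportunistic(caps), "strict": strict}
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the stripped response, the opportunistic policy proceeds straight to `LOGIN` while the strict policy aborts before any credentials are sent.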