CVE-2026-42865

Source
https://cve.org/CVERecord?id=CVE-2026-42865
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42865.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42865
Aliases
  • GHSA-f3gp-v7cj-2569
Published
2026-05-11T17:53:08.330Z
Modified
2026-07-15T01:48:57.261710318Z
Severity
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Inbox Zero: Cross-account cleaner email stream exposure
Details

Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This vulnerability is fixed in 2.29.3.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42865.json"
}
References

Affected packages

Git / github.com/elie222/inbox-zero

Affected ranges

Type
GIT
Repo
https://github.com/elie222/inbox-zero
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:getinboxzero:inbox_zero:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.29.3"
        }
    ]
}

Affected versions

cli-v2.*
cli-v2.21.15
cli-v2.21.40
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.5
v1.0.7
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.17
v1.1.2
v1.1.4
v1.1.5
v1.1.7
v1.1.8
v1.1.9
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.10.8
v1.2.0
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.15
v1.2.16
v1.2.17
v1.2.18
v1.2.19
v1.2.2
v1.2.20
v1.2.21
v1.2.22
v1.2.23
v1.2.24
v1.2.25
v1.2.26
v1.2.27
v1.2.28
v1.2.29
v1.2.3
v1.2.30
v1.2.31
v1.2.32
v1.2.33
v1.2.34
v1.2.35
v1.2.36
v1.2.38
v1.2.39
v1.2.4
v1.2.40
v1.2.41
v1.2.42
v1.2.43
v1.2.44
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.18
v1.3.2
v1.3.21
v1.3.22
v1.3.23
v1.3.24
v1.3.25
v1.3.26
v1.3.27
v1.3.28
v1.3.29
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.8
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.15
v1.7.16
v1.7.17
v1.7.18
v1.7.19
v1.7.2
v1.7.20
v1.7.21
v1.7.22
v1.7.23
v1.7.24
v1.7.25
v1.7.26
v1.7.27
v1.7.28
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.1
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.9.0
v1.9.1
v1.9.10
v1.9.11
v1.9.12
v1.9.13
v1.9.14
v1.9.15
v1.9.16
v1.9.17
v1.9.18
v1.9.19
v1.9.2
v1.9.20
v1.9.21
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9
v2.*
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.10.1
v2.10.11
v2.10.12
v2.10.14
v2.10.15
v2.10.16
v2.10.17
v2.10.18
v2.10.19
v2.10.2
v2.10.3
v2.10.5
v2.10.6
v2.10.7
v2.10.8
v2.10.9
v2.11.1
v2.12.0
v2.12.1
v2.12.2
v2.12.3
v2.13.0
v2.13.1
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.13.6
v2.13.7
v2.13.8
v2.13.9
v2.14.0
v2.14.1
v2.14.2
v2.15.0
v2.15.1
v2.15.2
v2.15.3
v2.15.4
v2.15.5
v2.16.0
v2.16.10
v2.16.11
v2.16.2
v2.16.3
v2.16.4
v2.16.5
v2.16.6
v2.16.7
v2.16.9
v2.17.0
v2.17.1
v2.17.10
v2.17.11
v2.17.12
v2.17.13
v2.17.15
v2.17.16
v2.17.17
v2.17.18
v2.17.19
v2.17.2
v2.17.20
v2.17.21
v2.17.22
v2.17.23
v2.17.24
v2.17.25
v2.17.26
v2.17.27
v2.17.28
v2.17.29
v2.17.3
v2.17.30
v2.17.31
v2.17.32
v2.17.33
v2.17.34
v2.17.35
v2.17.36
v2.17.37
v2.17.38
v2.17.39
v2.17.4
v2.17.40
v2.17.41
v2.17.42
v2.17.43
v2.17.44
v2.17.5
v2.17.6
v2.17.7
v2.17.8
v2.17.9
v2.18.0
v2.18.1
v2.18.10
v2.18.11
v2.18.13
v2.18.14
v2.18.15
v2.18.16
v2.18.17
v2.18.18
v2.18.19
v2.18.2
v2.18.20
v2.18.21
v2.18.22
v2.18.23
v2.18.24
v2.18.25
v2.18.26
v2.18.3
v2.18.4
v2.18.5
v2.18.6
v2.18.7
v2.18.8
v2.18.9
v2.19.0
v2.19.2
v2.19.3
v2.19.4
v2.19.5
v2.19.6
v2.19.7
v2.19.8
v2.2.0
v2.2.1
v2.2.3
v2.2.4
v2.2.5
v2.20.10
v2.20.11
v2.20.12
v2.20.13
v2.20.14
v2.20.15
v2.20.16
v2.20.18
v2.20.19
v2.20.2
v2.20.20
v2.20.21
v2.20.22
v2.20.23
v2.20.24
v2.20.25
v2.20.26
v2.20.27
v2.20.28
v2.20.29
v2.20.3
v2.20.30
v2.20.4
v2.20.5
v2.20.6
v2.20.7
v2.20.8
v2.20.9
v2.21.0
v2.21.1
v2.21.10
v2.21.11
v2.21.12
v2.21.13
v2.21.15
v2.21.16
v2.21.17
v2.21.18
v2.21.19
v2.21.2
v2.21.20
v2.21.21
v2.21.22
v2.21.23
v2.21.24
v2.21.25
v2.21.26
v2.21.27
v2.21.29
v2.21.3
v2.21.30
v2.21.31
v2.21.32
v2.21.33
v2.21.34
v2.21.35
v2.21.36
v2.21.37
v2.21.38
v2.21.39
v2.21.4
v2.21.40
v2.21.41
v2.21.42
v2.21.43
v2.21.44
v2.21.45
v2.21.46
v2.21.47
v2.21.48
v2.21.49
v2.21.5
v2.21.50
v2.21.51
v2.21.52
v2.21.54
v2.21.55
v2.21.56
v2.21.57
v2.21.58
v2.21.59
v2.21.6
v2.21.60
v2.21.61
v2.21.62
v2.21.63
v2.21.64
v2.21.65
v2.21.67
v2.21.68
v2.21.7
v2.21.8
v2.21.9
v2.22.0
v2.22.1
v2.23.0
v2.23.1
v2.23.2
v2.23.3
v2.23.4
v2.23.5
v2.23.6
v2.23.7
v2.23.8
v2.24.0
v2.24.1
v2.24.2
v2.24.3
v2.24.4
v2.24.5
v2.24.6
v2.24.7
v2.24.8
v2.25.0
v2.25.1
v2.25.2
v2.25.3
v2.25.4
v2.25.5
v2.25.6
v2.25.7
v2.25.8
v2.26.0
v2.27.0
v2.28.0
v2.29.0
v2.29.1
v2.29.2
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0
v2.4.10
v2.4.11
v2.4.12
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.5.10
v2.5.11
v2.5.12
v2.5.13
v2.5.14
v2.5.15
v2.5.16
v2.5.17
v2.5.18
v2.5.19
v2.5.2
v2.5.20
v2.5.21
v2.5.22
v2.5.24
v2.5.25
v2.5.26
v2.5.27
v2.5.28
v2.5.29
v2.5.3
v2.5.30
v2.5.31
v2.5.32
v2.5.33
v2.5.34
v2.5.35
v2.5.36
v2.5.37
v2.5.38
v2.5.39
v2.5.4
v2.5.40
v2.5.41
v2.5.42
v2.5.43
v2.5.44
v2.5.45
v2.5.46
v2.5.48
v2.5.49
v2.5.5
v2.5.6
v2.5.8
v2.5.9
v2.6.0
v2.6.1
v2.6.10
v2.6.11
v2.6.12
v2.6.13
v2.6.14
v2.6.15
v2.6.16
v2.6.17
v2.6.18
v2.6.19
v2.6.2
v2.6.20
v2.6.21
v2.6.22
v2.6.23
v2.6.24
v2.6.25
v2.6.26
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.10
v2.8.11
v2.8.12
v2.8.13
v2.8.14
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.9.0
v2.9.1
v2.9.10
v2.9.11
v2.9.12
v2.9.13
v2.9.14
v2.9.15
v2.9.16
v2.9.17
v2.9.18
v2.9.19
v2.9.2
v2.9.20
v2.9.21
v2.9.22
v2.9.23
v2.9.24
v2.9.25
v2.9.26
v2.9.27
v2.9.28
v2.9.29
v2.9.3
v2.9.30
v2.9.31
v2.9.32
v2.9.33
v2.9.34
v2.9.35
v2.9.36
v2.9.37
v2.9.38
v2.9.39
v2.9.4
v2.9.40
v2.9.41
v2.9.42
v2.9.43
v2.9.44
v2.9.45
v2.9.46
v2.9.47
v2.9.48
v2.9.5
v2.9.6
v2.9.7
v2.9.8
v2.9.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42865.json"