Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
directorytree/imapengine v1.18.4 | Vulnera… | Sonatype Guide
composer
directorytree
imapengine
v1.18.4
imapengine v1.18.4
directorytree
Published
Nov 2, 2025
•
Policy
compliance
composer Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
76
Versions
76
Vulnerabilities
1
Vulnerabilities
1
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(0)
High
(1)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
7.2
CVE-2026-2469
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the id() function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands. This allows attackers to read or delete victim's emails, terminate the victim's session or execute any valid IMAP command on victim's mailbox by including quote characters " or CRLF sequences \r\n in the input.
affected
Severity
High
Published
Feb 16, 2026
