Medium severity4.3NVD Advisory· Published May 11, 2026· Updated May 21, 2026
CVE-2026-42865
CVE-2026-42865
Description
Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated account to another authenticated account using the cleaner feature at the same time. This vulnerability is fixed in 2.29.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.29.3
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.