There is a MEDIUM severity vulnerability affecting CPython.

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Please see the linked CVE ID for the latest information on affected versions:

• https://www.cve.org/CVERecord?id=CVE-2025-15366
• https://github.com/python/cpython/pull/143922