CVE-2026-42006 | THREATINT

Description

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass the limit. Using excessive bracing, attacker can cause memory usage up to configured memory limit. Install fixed version, or configure vsz_limit for imap process to low value. No publicly available exploits are known.

PUBLISHED Reserved 2026-04-23 | Published 2026-05-12 | Updated 2026-05-12 | Assigner OX

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

Uncontrolled Resource Consumption

Product status

Default status

unaffected

Any version

affected

Any version

affected

Any version

affected

References

documentation.open-xchange.com/...26/oxdc-adv-2026-0002.json vendor-advisory

cve.org (CVE-2026-42006)

nvd.nist.gov (CVE-2026-42006)

Download JSON