CVE-2026-42006
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass the limit. Using excessive bracing, attacker can cause memory usage up to configured memory limit. Install fixed version, or configure vsz_limit for imap process to low value. No publicly available exploits are known.
| CWE | CWE-400 |
| Vendor | open-xchange gmbh |
| Product | ox dovecot pro |
| Published | May 12, 2026 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for open-xchange gmbh ox dovecot pro
Be the first to know when new medium vulnerabilities affecting open-xchange gmbh ox dovecot pro are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected Versions
Open-Xchange GmbH / OX Dovecot Pro
0 โค 3.0.5 0 โค 3.1.4 0 โค 2.4.3