PT-2026-40030 · Dovecot · Dovecot

Published: 2026-05-12 · Updated: 2026-06-02 · CVE-2026-42006

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

dovecot versions prior to 2.4.4-1.1

Description

An attacker can cause uncontrolled memory usage via excessive bracing over IMAP. A previous fix was incomplete as it only blocked closing braces, allowing the memory limit to be bypassed using open braces. This can lead to memory consumption reaching the configured limit.

Recommendations

Update to version 2.4.4-1.1. Configure vsz limit for the imap process to a low value.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-42006
OPENSUSE-SU-2026:10766-1
USN-8365-1

Affected Products

Dovecot