CVE-2026-42006 — An attacker can cause uncontrolled memory usage with
CVE-2026-42006 — An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open brac
What This Means For You
- If your environment is affected by CWE-400, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-42006 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-42006 | vulnerability | CVE-2026-42006 |
| CWE-400 | weakness | CWE-400 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 12, 2026 at 17:17 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Ivanti Endpoint Manager RCE via SQL Injection (CVE-2026-8111)
CVE-2026-8111 — SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution.
Ivanti Endpoint Manager Privilege Escalation (CVE-2026-8110)
CVE-2026-8110 — Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges.
CVE-2026-8109 — An exposed dangerous method on the Core Server of Ivanti
CVE-2026-8109 — An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials.