MEDIUM SeverityCVSS 4.06.0CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVE-2026-42256

Last updated May 09, 2026 · Published May 09, 2026

Description

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0 to before 0.6.4, when authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. This issue has been patched in versions 0.4.24, 0.5.14, and 0.6.4.

Affected products

1 listed

ruby:net-imap

Mappings

CWE

CWE-1322CWE-770

CAPEC

None listed.

Guides

Rate Limiting in Node.jsPatterns for APIs, login endpoints, and abuse control.

Training

API Design That Defends ItselfREST, GraphQL, and gRPC patterns that reduce your attack surface by design.
Data Protection and EncryptionEncryption at rest, in transit, and the practical choices developers actually make.

CVE-2026-42256

Description

Affected products

Mappings

Related