diff --git a/src/main/java/org/apache/commons/net/imap/IMAP.java b/src/main/java/org/apache/commons/net/imap/IMAP.java
index 94927a773..c100035a5 100644
--- a/src/main/java/org/apache/commons/net/imap/IMAP.java
+++ b/src/main/java/org/apache/commons/net/imap/IMAP.java
@@ -106,6 +106,9 @@ static String quoteMailboxName(final String input) {
         if (input == null) { // Don't throw NPE here
             return null;
         }
+        if (input.indexOf('\r') >= 0 || input.indexOf('\n') >= 0) {
+            throw new IllegalArgumentException("Mailbox name cannot contain CR or LF characters");
+        }
         if (input.isEmpty()) {
             return "\"\""; // return the string ""
         }
diff --git a/src/test/java/org/apache/commons/net/imap/IMAPTest.java b/src/test/java/org/apache/commons/net/imap/IMAPTest.java
index 970586b15..51751efd3 100644
--- a/src/test/java/org/apache/commons/net/imap/IMAPTest.java
+++ b/src/test/java/org/apache/commons/net/imap/IMAPTest.java
@@ -19,6 +19,7 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.util.stream.Stream;
@@ -88,6 +89,16 @@ void testQuoteMailboxNameNullInput() {
         assertNull(IMAP.quoteMailboxName(null));
     }
 
+    @Test
+    void testQuoteMailboxNameRejectsLineFeed() {
+        assertThrows(IllegalArgumentException.class, () -> IMAP.quoteMailboxName("INBOX\nA001 DELETE Sent"));
+    }
+
+    @Test
+    void testQuoteMailboxNameRejectsCarriageReturn() {
+        assertThrows(IllegalArgumentException.class, () -> IMAP.quoteMailboxName("INBOX\r\nA001 DELETE Sent"));
+    }
+
     @Test
     void testQuoteMailboxNoQuotingIfNoSpacePresent() {
         final String stringToQuote = "Foobar\"";