Search CVE reports

Toggle filters

1 – 10 of 75 results

CVE-2026-27860

Medium priority
Vulnerable

v2.4/v3.1 regression: auth-ldap is not escaping usernames. If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-27859

Medium priority
Vulnerable

v3.0.2+ regression: Message headers MIME parameter parsing can cause excessive CPU usage. A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-27858

Medium priority
Vulnerable

managesieve-login out-of-memory DoS. Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-27857

Medium priority
Vulnerable

imap-login: Excessive memory usage DoS. Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Not affected
Show less packages

CVE-2026-27856

Medium priority
Vulnerable

doveadm: Credentials verified without timing safety. Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Not affected
Show less packages

CVE-2026-27855

Medium priority
Vulnerable

auth: OTP driver vulnerable to replay attack. Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2026-24031

Medium priority
Vulnerable

v2.4/v3.1 regression: SQL injection allows bypassing authentication. Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-0394

Medium priority
Vulnerable

auth: Path traversal in passwd-file passdb using `%d` (domain) escapes base directory and opens `/etc/passwd`Pre-auth path traversal in passwd-file passdb using `%d` (domain) escapes base directory and opens `/etc/passwd`. When...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2025-59032

Medium priority
Vulnerable

v2.4/v3.1 regression: Pigeonhole: ManageSieve panic occurs with sieve-connect as a client. ManageSieve AUTHENTICATE command crashes when using literal as ASL initial response. This can be used to crash ManageSieve service...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2025-59031

Low priority
Vulnerable

decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing. Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker...

1 affected package

dovecot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dovecot Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON