dovecot (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package dovecot, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2025-59032 — CVSS 7.5 (high): ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service…
CVE-2026-27858 — CVSS 7.5 (high): Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker…
CVE-2026-27857 — CVSS 4.3 (medium): Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client…