Every CVE whose affected-product data names Open-xchange Dovecot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2026-24031 — CVSS 7.7 (high): Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing…
CVE-2025-59032 — CVSS 7.5 (high): ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service…
CVE-2026-27858 — CVSS 7.5 (high): Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker…
CVE-2026-27851 — CVSS 7.4 (high): When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too…
CVE-2026-27856 — CVSS 7.4 (high): Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to…
CVE-2026-33603 — CVSS 6.8 (medium): Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the…
CVE-2026-27855 — CVSS 6.8 (medium): Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in…
CVE-2026-27859 — CVSS 5.3 (medium): A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message…
CVE-2026-40016 — CVSS 5.3 (medium): Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130…
CVE-2026-0394 — CVSS 5.3 (medium): When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added…
CVE-2025-59028 — CVSS 5.3 (medium): When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to…
CVE-2026-42006 — CVSS 4.3 (medium): An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking…
CVE-2025-59031 — CVSS 4.3 (medium): Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can…
CVE-2026-27857 — CVSS 4.3 (medium): Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client…
CVE-2026-27860 — CVSS 3.7 (low): If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially…
CVE-2026-40020 — CVSS 3.1 (low): Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This…