CVE-2026-27856

CVSS Score & Metrics

Base Score

7.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known.

Vulnerability Details

Published Date

March 27, 2026

Last Modified

March 30, 2026

CWE ID

CWE-287

Source

NVD

Vendor

Open-Xchange GmbH

Product

OX Dovecot Pro

External References

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment