CVE-2026-27851
HIGH
OX Dovecot Pro < 2.4.3 and < 3.1.4 - SQL and LDAP Injection via Safe Filter Bypass
Title source: llmDescription
When the safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using the safe filter until running a fixed version. No publicly available exploits are known.
References (1)
Core References
Vendor Advisory
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json
Scores
CVSS v3: 7.4
EPSS: 0.0002
EPSS Percentile: 3.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-235
Status: published
Products (4)
dovecot/dovecot: < 2.4.4
open-xchange/dovecot: < 3.1.5
Open-Xchange GmbH/OX Dovecot Pro: < 2.4.3
Open-Xchange GmbH/OX Dovecot Pro: < 3.1.4
Published: May 12, 2026
Tracked Since: May 12, 2026