CVE-2026-27859

MEDIUM

OX Dovecot Pro <3.0.2 - DoS

Title source: llm

Description

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed version where the processing is limited. No publicly available exploits are known.

References (1)

[Vendor Advisory] https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

Scores

CVSS v3 5.3

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (3)

Open-Xchange GmbH/OX Dovecot Pro < 2.4.0

Open-Xchange GmbH/OX Dovecot Pro < 3.0.2

Open-Xchange GmbH/OX Dovecot Pro < 3.1.0

Published Mar 27, 2026

Tracked Since Mar 27, 2026