CVE-2026-27851 HIGH

CVE-2026-27851

Vendor Open-Xchange Gmbh
Product OX Dovecot Pro
Weakness CWE-235
Published May 12, 2026
Last update June 30, 2026

CVSS base score

7.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No publicly available exploits are known.

Key dates

02Disclosure timeline

May 12, 2026 CVE published
June 30, 2026 Record updated