VYPR
High severity7.5NVD Advisory· Published Mar 27, 2026· Updated Apr 30, 2026

CVE-2026-27858

CVE-2026-27858

Description

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No publicly available exploits are known.

Affected products

12

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.