High severity 7.5 · NVD Advisory · Published Mar 27, 2026 · Updated Apr 30, 2026
CVE-2026-27858
Description
An attacker can send a specifically crafted message before authentication that causes managesieve to allocate a large amount of memory. The attacker can make managesieve-login unavailable by repeatedly crashing the process. Protect access to the managesieve protocol, or install a fixed version. No publicly available exploits are known.
Affected products
- cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:* range: <2.4.3
- osv-coords (no CPE), 9 versions:
  - pkg:rpm/almalinux/dovecot range: < 1:2.3.21-16.el10_1.1
  - pkg:rpm/almalinux/dovecot-devel range: < 1:2.3.21-16.el10_1.1
  - pkg:rpm/almalinux/dovecot-mysql range: < 1:2.3.21-16.el10_1.1
  - pkg:rpm/almalinux/dovecot-pgsql range: < 1:2.3.21-16.el10_1.1
  - pkg:rpm/almalinux/dovecot-pigeonhole range: < 1:2.3.21-16.el10_1.1
  - pkg:rpm/opensuse/dovecot24&distro=openSUSE%20Leap%2016.0 range: < 2.4.3-160000.1.1
  - pkg:rpm/opensuse/dovecot24&distro=openSUSE%20Tumbleweed range: < 2.4.3-1.1
  - pkg:rpm/suse/dovecot24&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 range: < 2.4.3-160000.1.1
  - pkg:rpm/suse/dovecot24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 range: < 2.4.3-160000.1.1