VYPR

Core

by Dovecot (software)

Source repositories

CVEs (2)

  • CVE-2026-42006MedMay 12, 2026
    risk 0.28cvss 4.3epss 0.00

    An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open…

  • CVE-2026-40020LowMay 12, 2026
    risk 0.20cvss 3.1epss 0.00

    Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is…