HIGHCVE-2026-24031Published Modified CNA OX
CVE-2026-24031: Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin
Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.
Metrics
- CVSS v3.1
- 7.7
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Open-Xchange GmbH / OX Dovecot Pro≤ 3.1.0 · ≤ 2.4.0
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:LReferences