
Dovecot Vulnerabilities Allow SQL Injection, Authentication Bypass, Info Exposure

CERT-Bund Security Advisories
Published March 26th, 2026
Detected March 28th, 2026

Summary

CERT-Bund has issued a security advisory for Dovecot, an open-source email server, detailing multiple vulnerabilities. These flaws, with a CVSS base score of 7.7, can be exploited by attackers to perform SQL injection, bypass authentication, expose sensitive information, or cause denial-of-service conditions. Mitigation is available.

What changed

CERT-Bund has released advisory WID-SEC-2026-0891 concerning multiple high-severity vulnerabilities in Dovecot, an open-source IMAP and POP3 email server. The vulnerabilities, rated with a CVSS base score of 7.7, allow remote attackers to conduct SQL injection attacks, bypass authentication mechanisms, disclose confidential information, and potentially cause denial-of-service conditions. The advisory lists Dovecot versions prior to 2.4.0 and prior to 2.4.3 as affected.

Organizations using affected versions of Dovecot must apply available mitigations immediately to prevent exploitation. This includes updating to a patched version or implementing specific security configurations as recommended by the vendor. Failure to address these vulnerabilities could lead to significant data breaches, unauthorized access to email accounts, and disruption of email services.

What to do next

  1. Update Dovecot to a patched version (e.g., 2.4.3 or later) or apply vendor-recommended mitigations.
  2. Review system logs for any signs of exploitation related to the described vulnerabilities.
  3. Assess the impact of potential information disclosure or authentication bypass on sensitive data.
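An added check for step 1, not part of the CERT-Bund advisory or of Dovecot's own tooling: a POSIX shell helper that compares the string printed by `dovecot --version` against the 2.4.3 threshold the advisory lists. The threshold comes from this page; the "major.minor.patch" shape of the version string is an assumption.

```shell
#!/bin/sh
# Added example: classify an installed Dovecot release against the range
# WID-SEC-2026-0891 lists as affected (everything before 2.4.3).
# Assumes `dovecot --version` prints "major.minor.patch" optionally followed
# by build info such as "2.3.21 (47349e2482)".

FIXED_VERSION="2.4.3"   # first release this page treats as patched

# version_lt A B -> exit 0 if A is numerically older than B, 1 otherwise.
# Drops anything after the first space, pads missing components with 0,
# and compares major, minor and patch as integers one at a time.
version_lt() {
    a="$(printf '%s' "$1" | cut -d' ' -f1).0.0"
    b="$(printf '%s' "$2" | cut -d' ' -f1).0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | tr -cd '0-9')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | tr -cd '0-9')
        x=${x:-0}
        y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# dovecot_affected VERSION -> prints "affected" or "patched".
dovecot_affected() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "affected"
    else
        echo "patched"
    fi
}

# Check the local installation if the binary is present (no-op otherwise).
if command -v dovecot >/dev/null 2>&1; then
    v=$(dovecot --version 2>/dev/null)
    echo "dovecot $v: $(dovecot_affected "$v") per WID-SEC-2026-0891"
fi
```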

Source document (simplified)

[WID-SEC-2026-0891] Dovecot: Multiple vulnerabilities
CVSS Base Score: 7.7 (high)
CVSS Temporal Score: 6.7 (medium)
Remote attack: yes
Date: 26.03.2026
Last updated: 27.03.2026
Mitigation: yes

Affected systems

Operating system

  • Other
  • UNIX

Product description

Dovecot is an open-source IMAP and POP3 email server.

Products

26.03.2026

  • Open Source Dovecot <2.4.0
  • Open Source Dovecot <2.4.3

Attack

An attacker can exploit multiple vulnerabilities in Dovecot to carry out SQL injection attacks, bypass authentication, disclose confidential information, or cause a denial-of-service condition.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 26th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0891

Who this affects

Industry sector
5112 Software & Technology
Activity scope
Email Server Management Vulnerability Management
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Information Security Vulnerability Management
