CVE-2026-33550

Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.5

Description SOGo does not properly renew One-Time Passwords (OTPs) when a user disables and re-enables them. Additionally, the generated OTPs have a length of only 12 digits, which is shorter than the recommended 20 digits.

Recommendations Update to version 5.12.5 or later.