CVE-2026-27856

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Doveadm (affected versions not specified)

Description Doveadm credentials are verified using direct comparison, which is susceptible to a timing oracle attack. An attacker could potentially determine the configured credentials, leading to full access to the affected component.

Recommendations Limit access to the doveadm http service port. Install the fixed version dovecot24-2.4.3-1.1.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2026-27856

OESA-2026-1849

OPENSUSE-SU-2026:10442-1

OPENSUSE-SU-2026:20554-1

SUSE-SU-2026:21208-1

USN-8136-1

Affected Products

Doveadm

Dovecot

Linuxmint

Ubuntu

CVE-2026-27856

Weakness Enumeration

Related Identifiers

Affected Products

References · 55