PT-2026-40025 · Dovecot · Dovecot

Published

2026-05-12

Updated

2026-06-02

CVE-2026-33603

CVSS v3.1

6.8

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.4-1.1

Description An attacker positioned between Dovecot and the client connection can use a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to act as a MITM (Man-in-the-Middle) proxy and eavesdrop on communications between the client and the server.

Recommendations Update to version 2.4.4-1.1.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-99

Related Identifiers

CVE-2026-33603

OPENSUSE-SU-2026:10766-1

USN-8365-1

Affected Products

Dovecot

PT-2026-40025 · Dovecot · Dovecot

CVE-2026-33603

Weakness Enumeration

Related Identifiers

Affected Products

References · 21