CVE-2026-27851 · CRITICAL 9.1 · EPSS p23.1%


Description

When the safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, so unsafe data is left unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using the safe filter until you are running a fixed version. No publicly available exploits are known.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.32% probability of exploitation · percentile 23.1% · 2026-06-18T12:00:27Z
Published: 2026-05-12
Last modified: 2026-05-18

Underlying weaknesses · 1

CWE-235

References

  1. https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json


Type: Weakness · Target: Improper Handling of Extra Parameters (cwe-235) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-23176
CVE-2025-52694
CVE-2025-48650
CVE-2025-22523
CVE-2025-24861
CVE-2026-33615

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.