SB2026040132 - Ubuntu update for dovecot



Published: April 1, 2026

Security Bulletin ID: SB2026040132
Severity: High
Patch available: Yes
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

High: 9%, Medium: 82%, Low: 9%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2025-59028)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in SASL authentication handling when processing user-supplied data. A remote attacker can send a specially crafted request containing invalid base64 data to cause a denial of service.

The denial of service affects concurrent authentication sessions.


2) Information disclosure (CVE-ID: CVE-2025-59031)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper input validation in the decode2text.sh script when parsing OOXML attachments during indexing. A remote attacker can send a specially crafted OOXML document containing symlinks to disclose sensitive information.

The attacker must be able to upload email attachments that are processed by the indexing system.


3) Improper input validation (CVE-ID: CVE-2025-59032)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper input validation in the Pigeonhole ManageSieve service when processing the SASL AUTHENTICATE command. A remote attacker can send a specially crafted request that uses a literal as the SASL initial response to cause a denial of service.

The ManageSieve service crashes and becomes unavailable for other users.


4) SQL injection (CVE-ID: CVE-2026-24031)

The vulnerability allows a remote attacker to bypass authentication and enumerate users.

The vulnerability exists due to improper input validation in SQL-based authentication when processing usernames. A remote attacker can send a specially crafted request with a malicious username, when the auth_username_chars setting has been cleared by the administrator, to bypass authentication and enumerate users.

The server must have the auth_username_chars configuration option cleared.


5) LDAP injection (CVE-ID: CVE-2026-27860)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to improper neutralization of special elements in an LDAP query within the auth-ldap module when processing usernames. A remote attacker can send a specially crafted request with a malicious username, when auth_username_chars is empty, to probe the LDAP structure and potentially bypass authentication.

The server must have the auth_username_chars configuration option cleared.


6) Authentication Bypass by Capture-replay (CVE-ID: CVE-2026-27855)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to authentication bypass by capture-replay in the OTP authentication driver when caching credentials. A remote attacker can capture and replay OTP credentials to bypass authentication.

User interaction is required to trigger the initial authentication, and the auth cache must be enabled with username alteration in the passdb.


7) Improper Authentication (CVE-ID: CVE-2026-27856)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to improper authentication in doveadm credential verification when comparing the provided credentials. A remote attacker can perform a timing oracle attack to bypass authentication.
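The defect class behind item 7 is a credential comparison whose running time depends on how much of the input matched. The added example below is not code from the bulletin or from Dovecot; it contrasts an early-exit comparison with a constant-time one and counts the bytes each examines, so the leak is visible deterministically without timing measurements. The `verify_token` helper and the constructed byte strings are assumptions for illustration.

```python
import hmac
from typing import Tuple


def early_exit_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Compare two byte strings, stopping at the first mismatch.

    Returns (equal, bytes_examined). Because the loop returns as soon as a
    byte differs, bytes_examined (and therefore the running time) reveals
    how long the matching prefix of the guess is. That prefix length is the
    timing oracle an attacker can measure.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Compare two byte strings without an early exit.

    Every byte pair is XORed into an accumulator and the result is checked
    once at the end, so bytes_examined is always len(a) regardless of where
    the inputs differ. Length is still exposed, which is acceptable when the
    compared values are fixed-size digests rather than secrets of variable
    length.
    """
    if len(a) != len(b):
        return False, 0
    acc = 0
    for x, y in zip(a, b):
        acc |= x ^ y
    return acc == 0, len(a)


def verify_token(expected: bytes, presented: bytes) -> bool:
    """Hypothetical production-style check: defer to the standard library.

    hmac.compare_digest is the idiomatic constant-time comparison in Python;
    the hand-written version above exists only to make the property visible.
    """
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    # Constructed values: a stored secret and two guesses sharing different
    # prefix lengths with it.
    secret = b"aaaa"
    for guess in (b"abbb", b"aaab", b"aaaa"):
        print(guess, early_exit_equal(secret, guess), constant_time_equal(secret, guess))
```

Running the block shows the early-exit comparison examining 2, 4 and 4 bytes for the three guesses while the constant-time version examines 4 bytes every time; the first pattern is what a remote caller can measure, the second is not.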


8) Resource exhaustion (CVE-ID: CVE-2026-27857)

The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the imap-login process when handling malformed NOOP commands. A remote user can send a specially crafted command with excessive parentheses to cause a denial of service.


9) Resource exhaustion (CVE-ID: CVE-2026-27858)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the managesieve-login service when processing pre-authentication data. A remote attacker can send a specially crafted message before authentication to cause a denial of service.


10) Resource exhaustion (CVE-ID: CVE-2026-27859)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in MIME parameter parsing when processing message headers. A remote attacker can send a specially crafted email message with excessive RFC 2231 MIME parameters to cause a denial of service of the LMTP mail delivery process.


11) Path traversal (CVE-ID: CVE-2026-0394)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper limitation of a pathname to a restricted directory ('Path Traversal') in the passwd-file passdb when processing domain-based authentication requests. A remote attacker can send a specially crafted request with a malicious domain parameter to disclose sensitive information.

The server must be configured to use per-domain passwd files located one path component above /etc, or with a slash in the allowed characters.
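Items 4, 5 and 11 all depend on the auth_username_chars setting: the SQL and LDAP injections require it to be cleared, and the passwd-file path traversal lists a slash among the allowed characters as one precondition. The added example below is an audit script written for this bulletin, not code from Dovecot or from the bulletin's author. It reads configuration text in the `key = value` style that `doveconf -n` prints, pulls out top-level settings, and reports those two conditions. The sample configuration text is constructed; the parser deliberately handles only flat settings and skips nested sections, which is enough for this check.

```python
import re
from typing import Dict, List

# Constructed sample in dovecot's `key = value` syntax; not taken from a real server.
SAMPLE_CONFIG_CLEARED = """\
# dovecot.conf (constructed sample)
protocols = imap lmtp sieve
auth_username_chars =
passdb {
  driver = passwd-file
}
"""

SETTING_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*?)$")


def parse_settings(text: str) -> Dict[str, str]:
    """Collect top-level `key = value` settings from dovecot-style config text.

    Comments and blank lines are dropped and nested `name { ... }` sections
    are skipped, so only global settings end up in the returned dict.
    Dovecot's real parser also handles includes; this audit does not.
    """
    settings: Dict[str, str] = {}
    depth = 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            continue
        if line == "}":
            depth = max(0, depth - 1)
            continue
        m = SETTING_RE.match(line)
        if m and depth == 0:
            value = m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]  # strip a quoted value
            settings[m.group(1)] = value
    return settings


def audit_username_chars(settings: Dict[str, str]) -> List[str]:
    """Return findings about auth_username_chars relevant to this bulletin.

    An absent key means Dovecot's built-in default is in effect, which is
    non-empty and contains no slash, so that case yields no finding.
    """
    findings: List[str] = []
    if "auth_username_chars" not in settings:
        return findings
    value = settings["auth_username_chars"]
    if value == "":
        findings.append(
            "auth_username_chars is cleared: usernames reach passdb lookups "
            "unfiltered (precondition for CVE-2026-24031 and CVE-2026-27860)"
        )
    if "/" in value:
        findings.append(
            "auth_username_chars allows '/': a slash can reach path "
            "construction in the passwd-file passdb (see CVE-2026-0394)"
        )
    return findings


def audit_config_text(text: str) -> List[str]:
    """Convenience wrapper: parse config text and audit it in one call."""
    return audit_username_chars(parse_settings(text))


if __name__ == "__main__":
    for finding in audit_config_text(SAMPLE_CONFIG_CLEARED):
        print("FINDING:", finding)
```

To run it against a live host, feed the script the output of `doveconf -n`, which prints the settings that differ from the defaults; a cleared auth_username_chars appears there as `auth_username_chars =`. The check reports preconditions, not exploitation, and installing the vendor update remains the remediation for all three items.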


Remediation

Install the update from the vendor's website.