CVE-2026-27851

Source
https://cve.org/CVERecord?id=CVE-2026-27851
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27851.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-27851
Downstream
Related
Published
2026-05-12T13:28:43.846Z
Modified
2026-07-16T03:31:09.651419402Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No publicly available exploits are known.

Database specific
{
    "cwe_ids": [
        "CWE-235"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27851.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "3.1.4"
                },
                {
                    "last_affected": "2.4.3"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "OX"
}
References

Affected packages

Git / github.com/dovecot/core

Affected ranges

Type
GIT
Repo
https://github.com/dovecot/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.4.4"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.1.alpha1
1.1.alpha2
1.1.alpha4
1.1.alpha5
1.1.alpha6
1.1.beta1
1.1.beta10
1.1.beta11
1.1.beta12
1.1.beta13
1.1.beta14
1.1.beta16
1.1.beta2
1.1.beta3
1.1.beta4
1.1.beta5
1.1.beta6
1.1.beta8
1.1.beta9
1.1.rc1
1.1.rc2
1.1.rc3
1.2.alpha1
1.2.alpha2
1.2.alpha3
1.2.alpha4
1.2.alpha5
1.2.beta1
1.2.beta2
1.2.beta3
1.2.beta4
1.2.rc1
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.alpha1
2.0.alpha2
2.0.alpha3
2.0.beta1
2.0.beta2
2.0.beta3
2.0.beta4
2.0.beta5
2.0.beta6
2.0.rc1
2.0.rc2
2.0.rc3
2.0.rc4
2.0.rc5
2.0.rc6
2.1.alpha1
2.1.alpha2
2.1.beta1
2.1.rc1
2.1.rc2
2.1.rc3
2.1.rc4
2.1.rc5
2.1.rc6
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.13.rc1
2.2.14
2.2.14.rc1
2.2.15
2.2.16
2.2.16.rc1
2.2.17
2.2.17.rc1
2.2.17.rc2
2.2.18
2.2.19
2.2.19.rc1
2.2.19.rc2
2.2.2
2.2.20
2.2.20.rc1
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.alpha1
2.2.beta1
2.2.beta2
2.2.rc1
2.2.rc2
2.2.rc3
2.2.rc4
2.2.rc5
2.2.rc6
2.2.rc7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27851.json"