A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality.
{ "binaries": [ { "binary_name": "sogo", "binary_version": "5.12.1-3" }, { "binary_name": "sogo-activesync", "binary_version": "5.12.1-3" }, { "binary_name": "sogo-common", "binary_version": "5.12.1-3" } ] }
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-39179.json"
{ "binaries": [ { "binary_name": "sogo", "binary_version": "2.2.17a-1.1ubuntu0.1~esm1" }, { "binary_name": "sogo-common", "binary_version": "2.2.17a-1.1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "sogo", "binary_version": "3.2.10-1ubuntu0.1~esm1" }, { "binary_name": "sogo-common", "binary_version": "3.2.10-1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "sogo", "binary_version": "4.3.0-1ubuntu0.1~esm1" }, { "binary_name": "sogo-common", "binary_version": "4.3.0-1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "sogo", "binary_version": "5.5.1-1ubuntu0.1~esm1" }, { "binary_name": "sogo-activesync", "binary_version": "5.5.1-1ubuntu0.1~esm1" }, { "binary_name": "sogo-common", "binary_version": "5.5.1-1ubuntu0.1~esm1" } ] }
{ "binaries": [ { "binary_name": "sogo", "binary_version": "5.12.4-1.2ubuntu0.1~esm1" }, { "binary_name": "sogo-activesync", "binary_version": "5.12.4-1.2ubuntu0.1~esm1" }, { "binary_name": "sogo-common", "binary_version": "5.12.4-1.2ubuntu0.1~esm1" } ] }