It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-27851)
It was discovered that Dovecot incorrectly verified SCRAM TLS channel binding in certain base64 exchanges. A remote attacker could possibly use this issue to obtain sensitive information in a machine-in-the-middle attack. (CVE-2026-33603)
It was discovered that Dovecot incorrectly enforced Sieve script CPU limits. An attacker could possibly use this issue to cause Dovecot to use excessive resources, leading to a denial of service. (CVE-2026-40016)
It was discovered that Dovecot incorrectly handled certain IMAP SETACL commands. An attacker could possibly use this issue to spam folders to other users. (CVE-2026-40020)
It was discovered that Dovecot incorrectly handled excessive IMAP bracing. An attacker could possibly use this issue to cause Dovecot to use excessive resources, leading to a denial of service. (CVE-2026-42006)
{
"binaries": [
{
"binary_name": "dovecot-auth-lua",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-core",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-gssapi",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-imapd",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-ldap",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-lmtpd",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-lucene",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-managesieved",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-mysql",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-pgsql",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-pop3d",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-sieve",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-solr",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-sqlite",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
},
{
"binary_name": "dovecot-submissiond",
"binary_version": "1:2.3.16+dfsg1-3ubuntu2.9"
}
],
"availability": "No subscription required"
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8365-1.json"
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2026-33603",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40016",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42006",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
{
"binaries": [
{
"binary_name": "dovecot-auth-lua",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-core",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-gssapi",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-imapd",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-ldap",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-lmtpd",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-managesieved",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-mysql",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-pgsql",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-pop3d",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-sieve",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-solr",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-sqlite",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
},
{
"binary_name": "dovecot-submissiond",
"binary_version": "1:2.3.21+dfsg1-2ubuntu6.5"
}
],
"availability": "No subscription required"
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8365-1.json"
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2026-33603",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40016",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42006",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
{
"binaries": [
{
"binary_name": "dovecot-auth-lua",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-core",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-flatcurve",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-gssapi",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-imapd",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-ldap",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-lmtpd",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-managesieved",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-mysql",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-pgsql",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-pop3d",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-sieve",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-solr",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-sqlite",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
},
{
"binary_name": "dovecot-submissiond",
"binary_version": "1:2.4.1+dfsg1-5ubuntu4.2"
}
],
"availability": "No subscription required"
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8365-1.json"
{
"ecosystem": "Ubuntu:25.10",
"cves": [
{
"id": "CVE-2026-27851",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33603",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40016",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42006",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
{
"binaries": [
{
"binary_name": "dovecot-auth-lua",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-core",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-flatcurve",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-gssapi",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-imapd",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-ldap",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-lmtpd",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-managesieved",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-mysql",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-pgsql",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-pop3d",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-sieve",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-solr",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-sqlite",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
},
{
"binary_name": "dovecot-submissiond",
"binary_version": "1:2.4.2+dfsg1-3ubuntu2.1"
}
],
"availability": "No subscription required"
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8365-1.json"
{
"ecosystem": "Ubuntu:26.04:LTS",
"cves": [
{
"id": "CVE-2026-27851",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-33603",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40016",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-40020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-42006",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}