NextGuard
UNKNOWNCVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential wil

Platform

other

Component

ox-dovecot-pro

View on NVD

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known.

How to fix

Actualice OX Dovecot Pro a una versión posterior a la 2.3.0. Limite el acceso al puerto del servicio HTTP de Doveadm para mitigar el riesgo mientras actualiza.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free