Platform
other
Component
sogo
Fixed in
5.12.4
5.12.5
A cross-site scripting (XSS) vulnerability has been identified in SOGo versions 5.12.3 and 5.12.4. This flaw allows attackers to inject malicious scripts into the application through manipulation of the argument hint. Successful exploitation can lead to session hijacking, data theft, and other malicious actions. The vulnerability is remotely exploitable and a public exploit is available, highlighting the urgency of remediation.
The XSS vulnerability in SOGo allows an attacker to execute arbitrary JavaScript code within the context of a victim's browser session. This can be leveraged to steal cookies, redirect users to phishing sites, or deface the application. Given the availability of a public exploit, the risk of exploitation is significantly elevated. Attackers could potentially gain access to sensitive user data, including email content and calendar information, depending on the user's privileges within the SOGo environment. The impact extends beyond the immediate user, potentially affecting the entire organization if the attacker can leverage the compromised account for lateral movement.
This vulnerability is publicly known with a proof-of-concept exploit available. It was disclosed on 2026-02-24. The vendor, Alinto, was contacted but did not respond. The availability of a public exploit suggests a medium probability of exploitation (EPSS score likely medium). Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting SOGo.
Exploit Status
EPSS
0.01% (1% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-3054 is to upgrade SOGo to a patched version. As no fixed version is provided, it is crucial to monitor the SOGo website and security advisories for updates. Until a patch is available, consider implementing input validation and output encoding on all user-supplied data to reduce the attack surface. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review SOGo configuration and access controls to minimize potential impact.
Update to a version later than 5.12.4 that fixes the XSS vulnerability. Since the vendor has not responded, it is recommended to seek alternative solutions or mitigations in the SOGo user community.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-3054 is a cross-site scripting (XSS) vulnerability affecting SOGo versions 5.12.3 and 5.12.4, allowing attackers to inject malicious scripts via argument hint manipulation.
If you are using SOGo versions 5.12.3 or 5.12.4, you are potentially affected by this vulnerability. Monitor SOGo's website for updates.
Upgrade to a patched version of SOGo as soon as one is available. Until then, implement input validation and output encoding and consider using a WAF.
A public exploit exists, indicating a medium probability of active exploitation. Monitor security advisories and threat intelligence.
Refer to the official SOGo website and security advisories for the latest information and updates regarding CVE-2026-3054.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.