Cyber Resilience

CVE-2026-27851

Severity: High (updated)

Published: 12 May 2026
Modified: 30 June 2026
KEV Added: not listed
CVSS Score (v3.1): 7.4, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score: 0.0041 (32.5th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-27851 is a high-severity Improper Handling of Extra Parameters (CWE-235) vulnerability in Dovecot (vendor: Dovecot). Its CVSS v3.1 base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 32.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.


Vulnerability details

When the safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using the safe filter until on a fixed version. No publicly available exploits are known.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1212 Exploitation for Credential Access (Credential Access): Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

The vulnerability enables SQL/LDAP injection through an escaping bypass in the authentication context, which directly facilitates exploitation of a public-facing application and credential access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27858 (same product: Dovecot Dovecot)
CVE-2025-59032 (same product: Dovecot Dovecot)
CVE-2025-59028 (same product: Dovecot Dovecot)
CVE-2026-27857 (same product: Dovecot Dovecot)
CVE-2025-25064 (same product class: email / collaboration)
CVE-2025-68461 (same product class: email / collaboration)
CVE-2025-68645 (same product class: email / collaboration)
CVE-2026-35537 (same product class: email / collaboration)
CVE-2026-35545 (same product class: email / collaboration)
CVE-2026-42897 (same product class: email / collaboration)

Affected Assets

Vendor: dovecot, Product: dovecot, Versions: ≤ 2.4.4
Vendor: open-xchange, Product: dovecot, Versions: ≤ 3.1.5

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-89: Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

Addresses CWE-89: Validates query inputs to prevent SQL syntax or command manipulation.
