CVE-2026-27851

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,4

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No publicly available exploits are known.

235

Improper Handling of Extra Parameters

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Unexpected State

Applicable Platforms

All platforms may be affected

View CWE Details

https://documentation.open-xchange.com/dovecot/security/adv…

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/ox…

CVE-2026-27851

Description

Improper Handling of Extra Parameters

Common Consequences

Applicable Platforms

Iscriviti alla newsletter