CVE-2026-40016

Published: Mag 12, 2026 Last Modified: Mag 12, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

Description

AI Translation Available

Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed version, or alternatively prevent direct access to Sieve scripts via ManageSieve or local access. No publicly available exploits are known.

400

Uncontrolled Resource Consumption

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other

Applicable Platforms

Technologies: AI/ML, Not Technology-Specific

Likelihood of Exploit: High

View CWE Details

https://documentation.open-xchange.com/dovecot/security/adv…

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/ox…

CVE-2026-40016

Description

Uncontrolled Resource Consumption

Common Consequences

Applicable Platforms

Iscriviti alla newsletter