CVE-2026-46445

Published: Mag 14, 2026 Last Modified: Mag 14, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: low

Description

AI Translation Available

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.

89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Authentication Access Control
Potential Impacts:
Execute Unauthorized Code Or Commands Read Application Data Gain Privileges Or Assume Identity Bypass Protection Mechanism Modify Application Data
Applicable Platforms
Languages: Not Language-Specific, SQL
Technologies: Database Server
Likelihood of Exploit: High
View CWE Details
https://github.com/Alinto/sogo/pull/379/changes/1f7e5d2b2c2…
https://github.com/Alinto/sogo/pull/379/changes/1f7e5d2b2c2047c44a6a9e05f73c364…
https://www.mail-archive.com/debian-bugs-dist%40lists.debia…
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg2100131.html
https://www.sogo.nu/news/2026/sogo-v5127-released.html
https://www.sogo.nu/news/2026/sogo-v5127-released.html