vulnerability

Debian: CVE-2026-27856: dovecot -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:N)	Apr 7, 2026	Apr 7, 2026	Apr 7, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:N)

Published

Apr 7, 2026

Added

Apr 7, 2026

Modified

Apr 7, 2026

Description

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known.

Solution

debian-upgrade-dovecot

References

CVE-2026-27856
https://attackerkb.com/topics/CVE-2026-27856
CWE-287
DEBIAN-DSA-6197-1
EUVD-EUVD-2026-16565
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-16565

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today