CVE-2026-24031 — SQL Injection in Dovecot

CWE-89 — SQL Injection8 documents7 sources

Severity

7.7HIGHNVD

OSV5.3

EPSS

0.1%

top 80.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot Open-xchange Gmbh OX Dovecot PRO

Timeline

PublishedMar 27

Latest updateMar 31

Description

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:LExploitability: 2.2 | Impact: 5.5

Affected Packages4 packages

▶debiandebian/dovecot< dovecot 1:2.4.3+dfsg1-1 (sid)

▶Debiandovecot/dovecot< 1:2.4.1+dfsg1-6+deb13u4

▶Ubuntudovecot/dovecot< 1:2.3.16+dfsg1-3ubuntu2.7+2

▶CVEListV5open-xchange_gmbh/ox_dovecot_pro3.1.0

🔴Vulnerability Details

OSV

dovecot vulnerabilities↗2026-03-31

▶

OSV

CVE-2026-24031: Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin↗2026-03-27

▶

GHSA

GHSA-fx6f-5qgf-9fmx: Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin↗2026-03-27

▶

📋Vendor Advisories

Ubuntu

Dovecot vulnerabilities↗2026-03-31

▶

Red Hat

dovecot: Dovecot: Authentication bypass and user enumeration due to cleared auth_username_chars configuration↗2026-03-27

▶

Debian

CVE-2026-24031: dovecot - Dovecot SQL based authentication can be bypassed when auth_username_chars is cle...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24031 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶