CVE-2026-27857

Summary

CVECVE-2026-27857
StatePUBLISHED
AssignerOX
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-03-27 09:16:19 UTC
Updated2026-06-30 03:17:58 UTC
DescriptionSending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Install fixed version, there is no other remediation. No publicly available exploits are known.

Risk And Classification

Primary CVSS: v3.1 7.5 HIGH from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000430000 probability, percentile 0.132020000 (date 2026-04-06)

Problem Types: CWE-400 | CWE-770 | CWE-400 Uncontrolled Resource Consumption | CWE-770 Allocation of Resources Without Limits or Throttling


VersionSourceTypeScoreSeverityVector
3.1[email protected]Primary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1ADPCVSS7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1[email protected]Secondary4.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.10b0ca135-0b70-47e7-9f44-1890c2a1c46cSecondary7.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1CNACVSS4.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVSS v3.1 Breakdown

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Dovecot Dovecot All All All All
Application Open-xchange Dovecot All All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Open-Xchange GmbH OX Dovecot Pro affected 2.3.0 semver Not specified
ADP Red Hat Red Hat Enterprise Linux Server V. 7 ELS Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux Server Optional V. 7 ELS Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V. 10.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream V. 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream V. 8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream AUS V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION V.8.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream AUS V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream TUS V.8.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream TUS V.8.8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.9.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.9.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V.9.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V.9.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream V. 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux CodeReady Linux Builder EUS V. 10.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux CodeReady Linux Builder V. 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux CRB V. 8 Not specified Not specified
ADP Red Hat Red Hat CodeReady Linux Builder EUS V.9.4 Not specified Not specified
ADP Red Hat Red Hat CodeReady Linux Builder EUS V.9.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux CodeReady Linux Builder V. 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 6 Not specified Not specified

References

ReferenceSourceLinkTags
bugzilla.redhat.com/show_bug.cgi 0b0ca135-0b70-47e7-9f44-1890c2a1c46c bugzilla.redhat.com
access.redhat.com/errata/RHSA-2026:17626 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:19364 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:19149 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27857.json 0b0ca135-0b70-47e7-9f44-1890c2a1c46c security.access.redhat.com
documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json [email protected] documentation.open-xchange.com Vendor Advisory
access.redhat.com/errata/RHSA-2026:17602 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:13857 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:19453 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:13830 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:18053 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:13498 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:26564 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17625 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/security/cve/CVE-2026-27857 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17628 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:17630 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:19455 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Additional Advisory Data

SourceTimeEvent
ADP2026-03-27T09:01:59.374ZReported to Red Hat.
ADP2026-03-27T08:10:20.761ZMade public.

Solutions

ADP: RHSA-2026:26564: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)

ADP: RHSA-2026:17602: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)

ADP: RHSA-2026:13498: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)

ADP: RHSA-2026:19149: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)

ADP: RHSA-2026:13830: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)

ADP: RHSA-2026:19455: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)

ADP: RHSA-2026:19453: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)

ADP: RHSA-2026:18053: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)

ADP: RHSA-2026:17630: Red Hat Enterprise Linux AppStream E4S (v.9.0)

ADP: RHSA-2026:17628: Red Hat Enterprise Linux AppStream E4S (v.9.2)

ADP: RHSA-2026:17625: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)

ADP: RHSA-2026:17626: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)

ADP: RHSA-2026:13857: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)

ADP: RHSA-2026:19364: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)

Workarounds

ADP: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report