Vulnerabilities

CVE-2026-46446

by Fred · 14/05/2026

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = ‘%@’ in changePasswordForLogin.

More information : https://github.com/Alinto/sogo/pull/379/changes/1f7e5d2b2c2047c44a6a9e05f73c36491cb96d21

Similar

Tags: Cybersecurity Alert