PatchSiren

Mail Archive CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH, Mail Archive CVE, published 2026-05-14

CVE-2026-46446

CVE-2026-46446 is a HIGH-severity SQL injection issue affecting SOGo before 5.12.7 in deployments that use PostgreSQL or MariaDB and store passwords in cleartext. The advisory ties the flaw to the changePasswordForLogin path and the c_password = '%@' SQL construction pattern. The supplied sources indicate a public fix was released in SOGo 5.12.7, with the advisory published on 2026-05-14. The GitHub advis [truncated]

HIGH, Mail Archive CVE, published 2026-05-14

CVE-2026-46445

CVE-2026-46445 is a SQL injection issue in SOGo before 5.12.7 when PostgreSQL is used. The supplied advisory metadata rates it CVSS 7.1 (High) with network reachability, low privileges, and no user interaction, so affected PostgreSQL-backed deployments should be patched promptly.