CVE-2026-27857 is a medium-severity vulnerability in Dovecot, a popular open-source IMAP and POP3 email server. The vulnerability can be exploited to cause a Dovecot process to consume excessive memory, potentially leading to a denial-of-service (DoS) condition. An attacker could connect to the server from a single IP address and create multiple connections to allocate a large amount of memory, causing th [truncated]
CVE-2026-27856 is a HIGH severity vulnerability in Dovecot, an open-source IMAP and POP3 email server. The vulnerability arises from the direct comparison of doveadm credentials, which is susceptible to a timing oracle attack. This allows an attacker to determine the configured credentials, potentially leading to full access to the affected component. The Common Vulnerability Scoring System (CVSS) score f [truncated]