CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and client as MITM proxy. Install fixed version. No publicly available exploits are known.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dovecot:dovecot::::::::
	cpe:2.3:a:open-xchange:dovecot:::::pro:::*

History

18 May 2026, 17:35

Type	Values Removed	Values Added
First Time		Dovecot Dovecot dovecot Open-xchange Open-xchange dovecot
References	~~() https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json -~~	() https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json - Vendor Advisory
CPE		cpe:2.3:a:dovecot:dovecot:::::::: cpe:2.3:a:open-xchange:dovecot:::::pro:::*

12 May 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-12 14:17

Updated : 2026-05-18 17:35

NVD link : CVE-2026-33603

Mitre link : CVE-2026-33603

CVE.ORG link : CVE-2026-33603

JSON object : View

Products Affected

dovecot

dovecot

open-xchange

dovecot

CWE

CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

{"id": "CVE-2026-33603", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@open-xchange.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2026-05-12T14:17:01.600", "references": [{"url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json", "tags": ["Vendor Advisory"], "source": "security@open-xchange.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@open-xchange.com", "description": [{"lang": "en", "value": "CWE-99"}]}], "descriptions": [{"lang": "en", "value": "Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and client as MITM proxy. Install fixed version. No publicly available exploits are known."}], "lastModified": "2026-05-18T17:35:35.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86CE1F3B-DF73-431A-9EC0-491E8969A187", "versionEndExcluding": "2.4.4"}, {"criteria": "cpe:2.3:a:open-xchange:dovecot:*:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "28C2DD58-A4B0-4F2C-BC60-F30F380251BC", "versionEndExcluding": "3.1.5"}], "operator": "OR"}]}], "sourceIdentifier": "security@open-xchange.com"}