Open-Xchange Dovecot ManageSieve AUTHENTICATE Command Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the ManageSieve service of Open-Xchange Dovecot Pro and Community Edition, specifically in versions 2.4.0, 3.0.2, 3.1.0, and prior to 2.4.3. When the AUTHENTICATE command is used with a literal as the SASL initial response, the ManageSieve service crashes. The crash can be triggered repeatedly, making the service unavailable for other users.

Impact

Exploiting this vulnerability causes the ManageSieve service to crash, leading to a denial-of-service condition where the service becomes unavailable for other users.

Remediation

Users can control access to the ManageSieve port or disable the service if it is not needed. Alternatively, they can upgrade to a fixed version.
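Until the upgrade is in place, repeated ManageSieve child crashes in the Dovecot log are the visible symptom of the condition described above. The following is an added example, not part of the advisory or of Dovecot: it assumes a master log line of the form `<ISO timestamp> master: Error: service(<name>): child <pid> killed with signal <n>`, and the sample lines, threshold and window are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log shape (not taken from the advisory); any signal number is matched
# because the advisory does not say how the process dies.
CRASH_RE = re.compile(
    r"^(?P<ts>\S+) .*service\((?P<svc>managesieve(?:-login)?)\): "
    r"child (?P<pid>\d+) killed with signal (?P<sig>\d+)"
)

def managesieve_crashes(lines):
    """Yield (timestamp, service, signal) for each ManageSieve child crash."""
    for line in lines:
        m = CRASH_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["svc"], int(m["sig"])

def crash_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Map each service to the time its crash count first reached
    `threshold` inside a sliding `window`."""
    recent = defaultdict(list)
    alerts = {}
    for ts, svc, _sig in managesieve_crashes(lines):
        # Keep only crashes still inside the window ending at this one.
        recent[svc] = [t for t in recent[svc] if ts - t <= window] + [ts]
        if len(recent[svc]) >= threshold and svc not in alerts:
            alerts[svc] = ts
    return alerts

# Constructed sample log lines (timestamps, PIDs and signal are made up).
SAMPLE_LOG = [
    "2026-03-27T09:00:01 master: Error: service(managesieve-login): child 4101 killed with signal 11 (core dumps disabled)",
    "2026-03-27T09:00:40 imap-login: Info: Login: user=<alice>, method=PLAIN",
    "2026-03-27T09:01:15 master: Error: service(managesieve-login): child 4107 killed with signal 11 (core dumps disabled)",
    "2026-03-27T09:02:30 master: Error: service(imap): child 4110 killed with signal 11 (core dumps disabled)",
    "2026-03-27T09:03:05 master: Error: service(managesieve-login): child 4113 killed with signal 11 (core dumps disabled)",
    "2026-03-27T09:40:00 master: Error: service(managesieve-login): child 4200 killed with signal 11 (core dumps disabled)",
]

if __name__ == "__main__":
    for svc, when in crash_bursts(SAMPLE_LOG).items():
        print(f"ALERT {svc}: crash burst reached at {when.isoformat()}")
```

A single isolated crash (the 09:40 line in the sample) does not alert on its own; tune `threshold` and `window` to the crash rate the deployment normally sees.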

Added: Mar 27, 2026, 9:23 AM
Updated: Mar 27, 2026, 9:23 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.