Open-Xchange OX Dovecot Uncontrolled Resource Consumption Vulnerability Allowing CPU Time Limit Bypass
Vulnerability
A vulnerability exists in Open-Xchange Dovecot Pro and Community Edition versions 2.3.0, 3.0.5, 3.1.0, 3.1.4, and 3.1.5. An attacker who can upload a malicious Sieve script, either via the ManageSieve service or locally, can bypass the CPU time limits configured for Sieve scripts. Exploitation can degrade server performance, with scripts potentially exceeding the normal CPU time limit by up to 130 times. No publicly available exploits are known.
Impact
Exploitation of this vulnerability can cause significant server performance degradation by allowing Sieve scripts to consume excessive CPU resources, bypassing normal time limits and potentially leading to a denial-of-service condition.
Remediation
Users are advised to update to the fixed version or, alternatively, prevent direct access to Sieve scripts via ManageSieve or local access.
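Until the update is applied, it helps to confirm whether ManageSieve is reachable at all. The following is an added example, not part of the advisory or of Dovecot itself: it parses `doveconf -n` style output and reports whether the `sieve` protocol is enabled and which `managesieve-login` listeners are configured. The sample configuration is constructed, and the default port 4190 and the "port = 0 disables a listener" behaviour are assumptions about a standard Dovecot setup.

```python
# Added example: audit `doveconf -n` output for ManageSieve exposure.
# Constructed sample configuration (not taken from a real server).
SAMPLE_DOVECONF = """\
protocols = imap lmtp sieve
service managesieve-login {
  inet_listener sieve {
    address = 0.0.0.0
    port = 4190
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
  }
}
"""

def managesieve_exposure(doveconf_text):
    """Return (enabled, listeners): whether 'sieve' appears in `protocols`, and
    the (address, port) pairs configured under service managesieve-login."""
    enabled = False
    listeners = []
    stack = []      # names of the currently open config blocks
    current = {}    # settings collected since the last block was opened
    for raw in doveconf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            current = {}
        elif line == "}":
            closed = stack.pop() if stack else ""
            if closed.startswith("inet_listener") and stack == ["service managesieve-login"]:
                # Assumption: an unset port means the ManageSieve default, 4190.
                port = int(current.get("port", "4190"))
                if port != 0:   # assumption: port = 0 disables the listener
                    listeners.append((current.get("address", "*"), port))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if not stack and key == "protocols":
                enabled = "sieve" in value.split()
            else:
                current[key] = value
    return enabled, listeners
```

On a live host, pass the text of `doveconf -n` to `managesieve_exposure()`; a result of `(False, [])` means the service is neither enabled nor listening according to the configuration.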
