{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.4els/vex/2026/cve-2026-27855-els_os-centos8_4els.json" } ], "tracking": { "current_release_date": "2026-04-30T17:31:37Z", "generator": { "date": "2026-04-30T17:31:37Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2026-27855-ELS_OS-CENTOS8.4ELS", "initial_release_date": "2026-03-27T09:16:00Z", "revision_history": [ { "date": "2026-03-27T09:16:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-30T17:31:37Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2026-27855" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.4", "product": { "name": "Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.4:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" }, { "branches": [ { "category": "product_version", "name": "dovecot-devel-1:2.3.8-9.el8.x86_64", "product": { "name": "dovecot-devel-1:2.3.8-9.el8.x86_64", "product_id": "dovecot-devel-1:2.3.8-9.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/centos/dovecot-devel@2.3.8-9.el8?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dovecot-devel-1:2.3.8-9.el8.i686", "product": { "name": "dovecot-devel-1:2.3.8-9.el8.i686", "product_id": "dovecot-devel-1:2.3.8-9.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/centos/dovecot-devel@2.3.8-9.el8?arch=i686&epoch=1" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64", "product": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64", "product_id": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.8-9.el8.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64", "product": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64", "product_id": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.8-9.el8.tuxcare.els2?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686", "product": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686", "product_id": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.8-9.el8.tuxcare.els1?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686", "product": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686", "product_id": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.8-9.el8.tuxcare.els2?arch=i686&epoch=1" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64" }, "product_reference": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.8-9.el8.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.x86_64" }, "product_reference": "dovecot-devel-1:2.3.8-9.el8.x86_64", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686" }, "product_reference": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.8-9.el8.i686 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.i686" }, "product_reference": "dovecot-devel-1:2.3.8-9.el8.i686", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686" }, "product_reference": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686", "relates_to_product_reference": "CentOS-8.4" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.4", "product_id": "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64" }, "product_reference": "dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-27855", "cwe": { "id": "CWE-294", "name": "Authentication Bypass by Capture-replay" }, "notes": [ { "category": "description", "text": "Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If authentication happens over unsecure connection, switch to SCRAM protocol. Alternatively ensure the communcations are secured, and if possible switch to OAUTH2 or SCRAM. No publicly available exploits are known.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-27855" }, { "category": "external", "summary": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json", "url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json" } ], "release_date": "2026-03-27T09:16:00Z", "remediations": [ { "category": "no_fix_planned", "details": "This vulnerability is only exploitable under multiple non-default conditions: Dovecot’s OTP mechanism must be explicitly enabled, authentication caching must be turned on (disabled by default), and the passdb must rewrite the username—only then can a captured OTP reply be reused. Additionally, Dovecot disallows plaintext authentication on non-secure connections by default, so when TLS is used or non-OTP mechanisms like SCRAM/OAuth2 are configured, the prerequisite packet capture is prevented, making this a low-priority risk.", "product_ids": [ "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els1.x86_64", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.i686", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.tuxcare.els2.x86_64", "CentOS-8.4:dovecot-devel-1:2.3.8-9.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }