CVE-2026-27857

high

Description

Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Install fixed version, there is no other remediation. No publicly available exploits are known.

References

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27857.json

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

https://bugzilla.redhat.com/show_bug.cgi?id=2452179

https://access.redhat.com/security/cve/CVE-2026-27857

https://access.redhat.com/errata/RHSA-2026:26564

https://access.redhat.com/errata/RHSA-2026:19455

https://access.redhat.com/errata/RHSA-2026:19453

https://access.redhat.com/errata/RHSA-2026:19364

https://access.redhat.com/errata/RHSA-2026:19149

https://access.redhat.com/errata/RHSA-2026:18053

https://access.redhat.com/errata/RHSA-2026:17630

https://access.redhat.com/errata/RHSA-2026:17628

https://access.redhat.com/errata/RHSA-2026:17626

https://access.redhat.com/errata/RHSA-2026:17625

https://access.redhat.com/errata/RHSA-2026:17602

https://access.redhat.com/errata/RHSA-2026:13857

https://access.redhat.com/errata/RHSA-2026:13830

https://access.redhat.com/errata/RHSA-2026:13498

Details

Source: Mitre, NVD

Published: 2026-03-27

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00039