CVE-2026-27856 Oracle — Exploit & Vulnerability Details HIGH

CVE-2026-27856

HIGH CVSS 3.1: 7.4 EPSS 0.04%

Parameter	Value
CVSS	7.4 (HIGH)
Type	CWE-287 (Improper Authentication)
Vendor	Oracle
Public PoC	No

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component.

Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-287 Improper Authentication

References 1

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/ox…

security@open-xchange.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40193

Oracle

8.2

CVE-2026-5504

Oracle

6.3

CVE-2026-29146

Oracle

7.5

CVE-2026-39974

Oracle

8.5

CVE-2026-35187

Oracle

7.7

Menu

CVE-2026-27856

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-40193

CVE-2026-5504

CVE-2026-29146

CVE-2026-39974

CVE-2026-35187

CVE Details

Editor's Choice

Menu

CVE-2026-27856

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-40193

CVE-2026-5504

CVE-2026-29146

CVE-2026-39974

CVE-2026-35187

CVE Details

Editor's Choice

Stay informed on cybersecurity