CVE-2026-27859 PUBLISHED

Assigner: OX
Reserved: 24.02.2026 Published: 27.03.2026 Updated: 27.03.2026

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed version where the processing is limited. No publicly available exploits are known.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 5.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Open-Xchange GmbH
Product	OX Dovecot Pro
Versions	Default: unaffected affected from 0 to 3.0.2 (incl.) affected from 0 to 3.1.0 (incl.) affected from 0 to 2.4.0 (incl.)

References

https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json

Problem Types

Uncontrolled Resource Consumption cwe