CVE Field Guide
About Us
CVE-2026-46445
PUBLISHED
Assigner:
mitre
Reserved:
14.05.2026
Published:
14.05.2026
Updated:
14.05.2026
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVSS Score:
7.1
CVSS score
7.1
Attack Vector
Network
Scope
Unchanged
Attack Complexity
High
Confidentiality Impact
High
Privileges Required
Low
Integrity Impact
High
User Interaction
None
Availability Impact
Low
CVSS 3.1
Product Status
Vendor
Alinto
Product
SOGo
Versions
Default:
unaffected
affected from 0 to 5.12.7 (excl.)
References
https://www.sogo.nu/news/2026/sogo-v5127-released.html
https://github.com/Alinto/sogo/pull/379/changes/1f7e5d2b2c2047c44a6a9e05f73c36491cb96d21
https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg2100131.html
Problem Types
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE