THREAT SENTINEL
Back to Dashboard
VulnerabilitiesHigh

CVE-2026-24031: Dovecot SQL based authentication can be bypassed when auth_u...

Saturday, March 28, 2026
Global
NVD

Summary

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits

Threat Analysis

**Vulnerability ID:** CVE-2026-24031

**CVSS Score:** 7.7 (High)

**Description:** Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.

**Recommended Mitigations:** - Apply vendor security patches immediately - Review and update security configurations - Monitor systems for signs of compromise - Implement network segmentation where applicable

Last updated: Mar 28, 2026, 09:18 AM

Daily Intelligence

Stay Ahead of Threats

Subscribe to receive daily threat briefings delivered to your inbox. Be the first to know about emerging security risks.

No spamUnsubscribe anytimeDaily at 9 AM