๐Ÿ” CVE Alert

CVE-2026-46445

HIGH 7.1
CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.

CWE CWE-89
Vendor alinto
Product sogo
Published May 14, 2026
Last Updated May 14, 2026
Stay Ahead of the Next One

Get instant alerts for alinto sogo

Be the first to know when new high vulnerabilities affecting alinto sogo are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Affected Versions

Alinto / SOGo
0 < 5.12.7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sogo.nu: https://www.sogo.nu/news/2026/sogo-v5127-released.html github.com: https://github.com/Alinto/sogo/pull/379/changes/1f7e5d2b2c2047c44a6a9e05f73c36491cb96d21 mail-archive.com: https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg2100131.html