CVE-2026-33603_CVE-2026-33603

6.8 / 10

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and client as MITM proxy. Install fixed version. No publicly available exploits are known.

Basic Information

ID CVE-2026-33603

Source OX

Published May 12, 2026 at 13:28

Modified May 12, 2026 at 13:39

Affected Product

Vendor Open-Xchange GmbH

Product OX Dovecot Pro

Affected Versions Open-Xchange GmbH OX Dovecot Pro 0
Open-Xchange GmbH OX Dovecot Pro 0

References

documentation.open-xchange.com /dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json

{
    "lastseen": "",
    "description": "Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and client as MITM proxy. Install fixed version. No publicly available exploits are known.",
    "published": "2026-05-12T13:28:44.802Z",
    "modified": "2026-05-12T13:39:01.528Z",
    "type": "cve",
    "title": "CVE-2026-33603",
    "source": "OX",
    "references": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json",
    "id": "CVE-2026-33603",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Open-Xchange GmbH OX Dovecot Pro 0\nOpen-Xchange GmbH OX Dovecot Pro 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OX Dovecot Pro",
    "version": "0",
    "vendor": "Open-Xchange GmbH",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply