CVE-2026-24031
Received Received - Intake
Authentication Bypass in Dovecot SQL via auth_username_chars Misconfiguration

Publication date: 2026-03-27

Last updated on: 2026-04-29

Assigner: Open-Xchange

Description
Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits are known.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24031
EUVD
EUVD-2026-16561
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dovecot dovecot to 2.4.3 (exc)
open-xchange dovecot to 3.1.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows bypassing authentication for any user and user enumeration, which can lead to unauthorized access to sensitive information.

Such unauthorized access could potentially result in violations of common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and health information.

Therefore, if exploited, this vulnerability may impact compliance by exposing sensitive data or allowing unauthorized actions.

Executive Summary

This vulnerability exists in Dovecot's SQL based authentication system. It can be bypassed when the configuration parameter auth_username_chars is cleared by an administrator. This allows an attacker to bypass authentication for any user and also perform user enumeration.

The recommended mitigation is to not clear auth_username_chars. If that is not possible, installing the latest fixed version of Dovecot is advised.

Impact Analysis

This vulnerability can have serious impacts as it allows an attacker to bypass authentication controls, potentially gaining unauthorized access to user accounts.

Additionally, it enables user enumeration, which can be used to gather valid usernames for further attacks.

The CVSS score of 7.7 indicates a high severity, with high impact on confidentiality and integrity, and low impact on availability.

Mitigation Strategies

To mitigate this vulnerability, do not clear the auth_username_chars setting in Dovecot.

If it is not possible to avoid clearing auth_username_chars, install the latest fixed version of Dovecot.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24031. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart