CVE-2026-27857
Memory Exhaustion via NOOP Command in Open-Xchange Proxy

Publication date: 2026-03-27

Last updated on: 2026-04-30

Assigner: Open-Xchange

Description
Sending a "NOOP (((...)))" command with 4000 open and close parentheses results in ~1 MB of extra memory usage. Longer commands result in client disconnection. This 1 MB can be left allocated for longer periods by not sending the LF that terminates the command. An attacker could therefore connect, possibly from even a single IP, and open 1000 connections to allocate 1 GB of memory, which would likely reach the VSZ limit and kill the process along with its other proxied connections. Install the fixed version; there is no other remediation. No publicly available exploits are known.
Meta Information
Generated: 2026-05-06
AI Q&A: 2026-03-27
EPSS Evaluated: 2026-05-05
References: NVD, EUVD
Affected Vendors & Products (4 associated CPEs)
Vendor         Product   Version / Range
dovecot        dovecot   up to 2.4.3 (excluding)
open-xchange   dovecot   from 3.0.0 (including) up to 3.0.5 (excluding)
open-xchange   dovecot   from 3.1.0 (including) up to 3.1.4 (excluding)
open-xchange   dovecot   up to 2.3.22.1 (excluding)
CWE
CWE-400: The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

This vulnerability occurs when sending a "NOOP (((...)))" command containing 4000 pairs of parentheses, which causes approximately 1MB of extra memory to be allocated.

If longer commands are sent, the client will be disconnected.

Additionally, if the command ending line feed (LF) is not sent, the allocated 1MB of memory can remain allocated for longer periods.

An attacker could exploit this by creating many connections (e.g., 1000) from even a single IP address, causing the system to allocate large amounts of memory (around 1GB), potentially reaching the virtual memory size (VSZ) limit and causing the process and its proxied connections to be killed.

The only remediation is to install a fixed version; no other mitigations are available.


How can this vulnerability impact me?

This vulnerability can lead to a denial of service condition by exhausting system memory.

An attacker can create many connections that allocate large amounts of memory, potentially causing the affected process to reach its memory limits and be terminated.

When the process is killed, it also terminates other proxied connections, disrupting service availability.


What immediate steps should I take to mitigate this vulnerability?

The only remediation is to install the fixed version of the affected software.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves sending a "NOOP (((...)))" command with 4000 open and close parentheses, which causes increased memory usage and potential client disconnection.

Detection could involve monitoring for unusual NOOP commands with excessive parentheses or tracking processes with abnormally high memory usage due to many simultaneous connections.

However, there are no specific commands or detection methods provided in the available information.

The recommended remediation is to install the fixed version, as no other mitigations or detection commands are described.
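A detection sketch for the two signals the answer above names (a completed NOOP carrying excessive parentheses, and a fragment held open without its terminating LF), added here as an example and not part of the advisory or of any Dovecot/Open-Xchange tooling. It assumes the defender already has per-connection client byte streams (for example from a proxy tap or packet capture) and uses a hypothetical alert threshold of 1000 parentheses; the sample traffic is constructed.

```python
import re
from collections import defaultdict

# Assumed alert threshold: the advisory cites ~4000 nested parentheses per NOOP
# costing ~1 MB, so flag well below that.
PAREN_THRESHOLD = 1000

IMAP_CMD = re.compile(r"^(?P<tag>\S+)\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<args>.*))?$")

def paren_count(text: str) -> int:
    return text.count("(") + text.count(")")

def is_noop_flood(line: str, threshold: int = PAREN_THRESHOLD) -> bool:
    """True when a complete client line is a NOOP carrying >= threshold parentheses."""
    m = IMAP_CMD.match(line.strip())
    if not m or m.group("cmd").upper() != "NOOP":
        return False
    return paren_count(m.group("args") or "") >= threshold

def scan_sessions(events, threshold: int = PAREN_THRESHOLD):
    """events: (conn_id, bytes) chunks in arrival order. Returns {conn_id: [reasons]}.

    Completed lines are checked with is_noop_flood; whatever remains without a
    terminating LF is checked separately, since the advisory notes the memory
    stays allocated as long as the LF is withheld."""
    pending = defaultdict(bytes)
    findings = defaultdict(list)
    for conn_id, chunk in events:
        pending[conn_id] += chunk
        while b"\n" in pending[conn_id]:
            line, pending[conn_id] = pending[conn_id].split(b"\n", 1)
            if is_noop_flood(line.decode("ascii", "replace"), threshold):
                findings[conn_id].append("noop_paren_flood")
    for conn_id, buf in pending.items():
        if buf and paren_count(buf.decode("ascii", "replace")) >= threshold:
            findings[conn_id].append("unterminated_paren_fragment")
    return dict(findings)

# Constructed sample traffic (not real captures): one benign session, one
# complete oversized NOOP, one fragment held open without an LF.
SAMPLE_EVENTS = [
    ("conn-1", b"a1 NOOP\r\n"),
    ("conn-1", b"a2 CAPABILITY\r\n"),
    ("conn-2", b"b1 NOOP " + b"(" * 4000 + b")" * 4000 + b"\r\n"),
    ("conn-3", b"c1 NOOP " + b"(" * 4000),
]

if __name__ == "__main__":
    for conn, reasons in scan_sessions(SAMPLE_EVENTS).items():
        print(conn, reasons)
```

Counting connections that trip either signal per source IP gives the "many connections from a single IP" pattern the description warns about.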

