CVE-2026-40020
mediumCVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 97% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol (IMAP) SETACL command to inject "anyone" permissions into a user's dovecot-acl file, even when the imap_acl_allow_anyone setting is disabled. This vulnerability allows an attacker to spam folders to all users, leading to a denial of service by disrupting normal email service. No unauthorized access to user data is gained.
CWE
CWE-88Affected Products
Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9