{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2026/cve-2026-40016-els_os-rhel7els.json" } ], "tracking": { "current_release_date": "2026-05-22T16:07:02Z", "generator": { "date": "2026-05-22T16:07:02Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2026-40016-ELS_OS-RHEL7ELS", "initial_release_date": "2026-05-12T14:17:00Z", "revision_history": [ { "date": "2026-05-12T14:17:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-22T16:07:02Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2026-40016" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "dovecot-1:2.2.36-8.el7.i686", "product": { "name": "dovecot-1:2.2.36-8.el7.i686", "product_id": "dovecot-1:2.2.36-8.el7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/dovecot@2.2.36-8.el7?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.2.36-8.el7.i686", "product": { "name": "dovecot-devel-1:2.2.36-8.el7.i686", "product_id": "dovecot-devel-1:2.2.36-8.el7.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/dovecot-devel@2.2.36-8.el7?arch=i686&epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "dovecot-1:2.2.36-8.el7.x86_64", "product": { "name": "dovecot-1:2.2.36-8.el7.x86_64", "product_id": "dovecot-1:2.2.36-8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dovecot@2.2.36-8.el7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.2.36-8.el7.x86_64", "product": { "name": "dovecot-devel-1:2.2.36-8.el7.x86_64", "product_id": "dovecot-devel-1:2.2.36-8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dovecot-devel@2.2.36-8.el7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-mysql-1:2.2.36-8.el7.x86_64", "product": { "name": "dovecot-mysql-1:2.2.36-8.el7.x86_64", "product_id": "dovecot-mysql-1:2.2.36-8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dovecot-mysql@2.2.36-8.el7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64", "product": { "name": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64", "product_id": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dovecot-pigeonhole@2.2.36-8.el7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pgsql-1:2.2.36-8.el7.x86_64", "product": { "name": "dovecot-pgsql-1:2.2.36-8.el7.x86_64", "product_id": "dovecot-pgsql-1:2.2.36-8.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/dovecot-pgsql@2.2.36-8.el7?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686", "product": { "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686", "product_id": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot@2.2.36-8.el7.tuxcare.els1?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686", "product": { "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686", "product_id": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.2.36-8.el7.tuxcare.els1?arch=i686&epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product": { "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_id": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product": { "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_id": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product": { "name": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_id": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-mysql@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product": { "name": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_id": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-pigeonhole@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product": { "name": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_id": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-pgsql@2.2.36-8.el7.tuxcare.els1?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686" }, "product_reference": "dovecot-1:2.2.36-8.el7.tuxcare.els1.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.2.36-8.el7.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686" }, "product_reference": "dovecot-1:2.2.36-8.el7.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64" }, "product_reference": "dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64" }, "product_reference": "dovecot-1:2.2.36-8.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686" }, "product_reference": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.2.36-8.el7.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686" }, "product_reference": "dovecot-devel-1:2.2.36-8.el7.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64" }, "product_reference": "dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64" }, "product_reference": "dovecot-devel-1:2.2.36-8.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64" }, "product_reference": "dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-mysql-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64" }, "product_reference": "dovecot-mysql-1:2.2.36-8.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64" }, "product_reference": "dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64" }, "product_reference": "dovecot-pigeonhole-1:2.2.36-8.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64" }, "product_reference": "dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pgsql-1:2.2.36-8.el7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64" }, "product_reference": "dovecot-pgsql-1:2.2.36-8.el7.x86_64", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-40016", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed version, or alternatively prevent direct access to Sieve scripts via ManageSieve or local access. No publicly available exploits are known.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686", "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686", "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-40016" }, { "category": "external", "summary": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json", "url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0002.json" } ], "release_date": "2026-05-12T14:17:00Z", "remediations": [ { "category": "no_fix_planned", "date": "2026-05-19T17:38:41.152404Z", "details": "Exploitation requires the attacker to upload a Sieve script via the authenticated ManageSieve service or gain local write access, so unauthenticated remote attackers cannot trigger it. The impact is availability-only (excess CPU use during Sieve evaluation) with no confidentiality or integrity effect, and no public exploits are known, which keeps practical risk low. In enterprise VM/server environments where ManageSieve (port 4190) isn’t exposed to untrusted networks and script upload already requires valid mailbox credentials, this issue can be safely deprioritized.", "product_ids": [ "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686", "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686", "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:dovecot-1:2.2.36-8.el7.i686", "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.i686", "Red-Hat-7:dovecot-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.i686", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.i686", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-devel-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-mysql-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-pgsql-1:2.2.36-8.el7.x86_64", "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.tuxcare.els1.x86_64", "Red-Hat-7:dovecot-pigeonhole-1:2.2.36-8.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }